Hackers have set up nearly 1,000 fake web pages impersonating Reddit and WeTransfer to distribute Lumma Stealer malware. The scam involves a fabricated Reddit discussion where users share a WeTransfer link to download a tool, which leads victims to a fake WeTransfer page hosting the malware.
These counterfeit sites often include random characters and numbers in their URLs, using ".org" or ".net" domains to appear more legitimate. Researchers found 529 sites mimicking Reddit and 407 imitating WeTransfer.
Lumma Stealer is a sophisticated info-stealing malware capable of exfiltrating sensitive data, including passwords and session tokens, which can lead to account hijacking. The malware is distributed through various means, such as malvertising and social media messages. This attack follows a similar campaign targeting AnyDesk last year and highlights the growing risks of info-stealer malware, often used to target businesses.
Read more...