216.73.216.86

Booking a Threat: Inside LummaStealer's Fake reCAPTCHA

· Published 04/03/2025 15:14 · Modified 04/03/2025 21:02

Export JSON

Essential information

Published
04/03/2025 15:14
Modified
04/03/2025 21:02
Tags
2025-03-04 binary padding booking websites clickfix emotet fake captcha indirect control flow info-stealer lummastealer malvertising obfuscation powershell social engineering
Related entities
12 observables, 1 intrusion sets (apt), 8 techniques (mitre), 3 malware, 4 others

Description

A new malicious campaign targeting has been discovered, utilizing , an operating under a Malware-as-a-Service model. The attack employs fake CAPTCHAs to trick users into executing malicious commands. Initially targeting the Philippines, the campaign has expanded globally, focusing on . The infection chain involves a fake booking confirmation link, obfuscated PHP scripts, and payload download mechanisms. samples in this attack are significantly larger, up to 350% increase in size, and use techniques like and for evasion. The campaign's sophistication and global reach indicate a growing threat in the cybercrime landscape.

External references