216.73.216.169

EXPOSED: OnlyFans Hack Gone Wrong - How Cyber Criminals Turn into Victims Overnight

· Published 06/09/2024 09:46 · Modified 06/09/2024 09:48

Export JSON

Essential information

Published
06/09/2024 09:46
Modified
06/09/2024 09:48
Tags
2024-09-06 lummac stealer onlyfans
Related entities
9 observables, 1 intrusion sets (apt), 19 techniques (mitre), 1 malware

Description

A sophisticated operation has been uncovered that turns aspiring hackers into victims. A user named Bilalkhanicom offered a tool to 'check' accounts on a hacking forum, which turned out to be a delivery system for malware. This malware, developed by a threat actor known as 'Shamel' or 'Lumma', targets cryptocurrency wallets, 2FA browser extensions, and sensitive information. The malware connects to a GitHub account named 'UserBesty' to download additional payloads. The operation extends beyond , targeting Disney+, Instagram, and botnet aspiring hackers. The malware's architecture hints at potential geopolitical connections, with folder names suggesting global influences. Several recently created .shop domains serve as command-and-control servers for the malware.

External references