EXPOSED: OnlyFans Hack Gone Wrong - How Cyber Criminals Turn into Victims Overnight
Essential information
- Published
- 06/09/2024 09:46
- Modified
- 06/09/2024 09:48
- Tags
- 2024-09-06 lummac stealer onlyfans
- Related entities
- 9 observables, 1 intrusion sets (apt), 19 techniques (mitre), 1 malware
Description
A sophisticated operation has been uncovered that turns aspiring OnlyFans hackers into victims. A user named Bilalkhanicom offered a tool to 'check' OnlyFans accounts on a hacking forum, which turned out to be a delivery system for Lummac stealer malware. This malware, developed by a threat actor known as 'Shamel' or 'Lumma', targets cryptocurrency wallets, 2FA browser extensions, and sensitive information. The malware connects to a GitHub account named 'UserBesty' to download additional payloads. The operation extends beyond OnlyFans, targeting Disney+, Instagram, and botnet aspiring hackers. The malware's architecture hints at potential geopolitical connections, with folder names suggesting global influences. Several recently created .shop domains serve as command-and-control servers for the malware.