Hundreds of fake Reddit sites push Lumma Stealer malware

· Published 24/01/2025 08:28 · Modified 24/01/2025 09:09

Essential information

Tags
2025-01-24, lumma stealer, reddit impersonation, wetransfer impersonation
Related entities
200 observables, 7 techniques (mitre), 1 malware

Description

A widespread campaign involving nearly 1,000 fake web pages mimicking Reddit and WeTransfer has been discovered, aiming to distribute the Lumma Stealer malware. The attackers create convincing fake Reddit discussions and WeTransfer download pages to trick users into downloading the malicious payload. The campaign uses domain names that combine brand names with random characters to appear legitimate. Lumma Stealer is a sophisticated info-stealing tool capable of collecting passwords and session tokens, potentially leading to account hijacking. This type of malware has been implicated in recent high-profile attacks on various companies. The distribution methods for this campaign may include malvertising, SEO poisoning, and direct messages on social media.

External references