Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page

Published 13/01/2025 16:41 · Modified 13/01/2025 16:45

Essential information

Tags
2025-01-13 captcha clipbanker cryptocurrency infostealer lummac2 obfuscation phishing powershell
Related entities
4 observables, 10 techniques (mitre), 1 malware

Description

A new distribution method for the malware has been identified, using a fake verification page. The process begins with a deceptive authentication screen that copies a malicious command to the clipboard when users click 'I'm not a robot'. This command executes an obfuscated HTA file, which in turn runs an encrypted script. The final payload is , capable of stealing browser data and information. The malware also employs a module to monitor and manipulate clipboard content, specifically targeting wallet addresses. This distribution method is primarily found on crack program download pages and in emails, emphasizing the need for caution when interacting with unfamiliar sources.

External references