Malicious CAPTCHA delivers Lumma and Amadey Trojans
Essential information
- Published
- 29/10/2024 14:25
- Modified
- 29/10/2024 14:56
- Tags
- 2024-10-29 adware amadey captcha infostealers lumma malvertising remcos social engineering
- Related entities
- 1 observables, 13 techniques (mitre), 3 malware, 4 others
Description
An adware campaign targets online users by presenting them with fake CAPTCHA or update prompts, tricking them into running malicious PowerShell commands that deploy credential-stealing malware like Lumma and Amadey. The attackers leverage ad networks to redirect victims to compromised sites hosting these social engineering lures. Once executed, Lumma abuses legitimate BitLocker functionality to harvest cryptocurrency wallets, passwords, and browser data, while Amadey gathers credentials and can deploy Remcos remote access trojan.