Subj : Fake Reddit sites found pushing Lumma Stealer malware
To   : All
From : TechnologyDaily
Date : Fri Jan 24 2025 12:45:07

Fake Reddit sites found pushing Lumma Stealer malware

Date: Fri, 24 Jan 2025 12:30:00 +0000
Description: Hackers are faking Reddit threads and WeTransfer files to try and trick users into downloading malware.

FULL STORY
======================================================================

- Security researchers discover hundreds of fake Reddit and WeTransfer pages
- These are used in an elaborate scheme to deploy the Lumma Stealer
- The pages are well-built and probably distributed via SEO poisoning and malicious landing pages

There are hundreds of fake Reddit and WeTransfer websites out there, all designed to trick people into downloading and running the Lumma Stealer malware, experts have warned.

Cybersecurity researchers from Sekoia have shared a complete list of the pages on GitHub, which includes 59 fake Reddit pages, and 407 fake WeTransfer pages.

The tactic is simple: the fake Reddit page displays a thread in which a person asks for help finding a specific piece of software. One of the responses shares a link to the fake WeTransfer page, where the tool can be downloaded. Other people in the thread share their thanks for the contribution, and the discussion continues.

Targeting forensic analysts

The researchers could not say for certain how victims end up on these pages, but it's safe to assume there is a little SEO poisoning, malicious landing pages, or instant messaging communication involved.

The choice of fake software is also curious. Usually, that is where researchers could find clues to who the targets are. If the attackers are faking software development tools, the targets are devs. If they're faking games, crypto wallets, or Discord clients, the targets are retail buyers in the Web3 space.

In the example shared by Sekoia researchers, the attackers went for OpenText Encase Forensic - a tool used for scanning, collecting, and securing forensic data for law enforcement, government agency and corporate investigations. This is not exactly software the police, cybersecurity pros, or enterprises would pirate, and also not something average internet users would need.

Both the Reddit and WeTransfer pages were designed to look almost identical to the originals. Their URLs both contain brand names, followed by random numbers and characters. They are both on .org and .net top-level domains, further boosting their legitimacy. However, clicking the download button on the WeTransfer one leads to Lumma Stealer hosted on weighcobbweo[.]top.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/fake-reddit-sites-found-pushing-lumma-stealer-malware

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
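
The URL pattern the article describes (a brand name followed by random numbers and characters, on .org and .net domains) can be hunted for in proxy or DNS logs. The following Python check is an added example, not code from the article or from Sekoia; the legitimate-domain list, the verdict names and the sample log entries are assumptions constructed for illustration, and only weighcobbweo[.]top comes from the article.

```python
import re
from urllib.parse import urlsplit

# Brands named in the article -> domains treated as legitimate (assumption:
# extend with the other official domains your organisation relies on).
BRANDS = {"reddit": ("reddit.com",), "wetransfer": ("wetransfer.com",)}
# Payload host named in the article, stored refanged for exact matching.
PAYLOAD_HOSTS = ("weighcobbweo.top",)
LURE_TLDS = ("org", "net")  # TLDs the article says the fake pages used


def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify(url):
    """Return a verdict string for one URL or hostname from a proxy/DNS log."""
    url = url.strip().replace("[.]", ".")          # accept defanged input
    if "://" not in url:
        url = "//" + url                           # let urlsplit see a netloc
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(_under(host, p) for p in PAYLOAD_HOSTS):
        return "known-payload-host"
    for brand, legit in BRANDS.items():
        if any(_under(host, d) for d in legit):
            return "legitimate"
        for label in host.split("."):
            # Brand name followed by extra letters/digits in the same DNS label.
            tail = re.fullmatch(re.escape(brand) + r"[-_]?([a-z0-9-]+)", label)
            if tail and any(c.isdigit() for c in tail.group(1)):
                tld = host.rsplit(".", 1)[-1]
                return "lookalike-high" if tld in LURE_TLDS else "lookalike-low"
    return "no-match"


# Constructed sample log entries (example.org/.net/.com are reserved names).
SAMPLE = [
    "https://www.reddit.com/r/netsec/",
    "https://reddit-15gh7.example.org/thread",
    "wetransfer-a81kz0.example.net",
    "https://wetransfer.com/downloads/abc",
    "weighcobbweo[.]top",
    "https://redditor9.example.com/",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{classify(entry):20} {entry}")
```

The verdicts are triage hints only: a name such as the constructed "redditor9" host lands in lookalike-low because it matches the pattern without the .org/.net TLD the article reports.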