Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file-sharing service that lead to downloading the Lumma Stealer malware.
On the fake pages, the threat actor is abusing the Reddit brand by showing a fake discussion thread on a specific topic. The thread creator asks for help to download a specific tool, another user offers to help by uploading it to WeTransfer and sharing the link, and a third thanks him to make everything appear legitimate.

Source: BleepingComputer
Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimics the interface of the popular file-sharing service. The ‘Download’ button leads to the Lumma Stealer payload hosted on “weighcobbweo[.]high.”
All websites used in this campaign contain a string of the brand they impersonate followed by random numbers and characters to look legitimate at a quick glance. The top-level domains are either “.org” or “.net.”
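The naming pattern described above can be turned into a simple proxy-log check. The following is an added example, not code from the researcher or BleepingComputer; the log format, the sample domains, and the requirement that the random suffix be at least four characters and contain a digit are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Brands named in the article and their legitimate registrable domains.
BRANDS = {"reddit": {"reddit.com"}, "wetransfer": {"wetransfer.com"}}
SUSPECT_TLDS = {"org", "net"}  # the two TLDs reported for this campaign

def host_of(url_or_host):
    """Return the lowercase hostname, accepting de-fanged hxxp:// and [.] forms."""
    s = url_or_host.strip().lower().replace("[.]", ".").replace("hxxp", "http", 1)
    if "://" not in s:
        s = "//" + s
    return (urlsplit(s).hostname or "").rstrip(".")

def classify(url_or_host):
    """Return the impersonated brand if the host fits the campaign pattern, else None."""
    labels = host_of(url_or_host).split(".")
    if len(labels) < 2:
        return None
    sld, tld = labels[-2], labels[-1]  # assumption: last two labels = registrable domain
    for brand, legit in BRANDS.items():
        if f"{sld}.{tld}" in legit:
            return None  # the real service
        m = re.fullmatch(rf"{brand}-?([a-z0-9]{{4,}})", sld)
        # Assumption: a "random" suffix has at least one digit (cuts false positives).
        if m and tld in SUSPECT_TLDS and any(c.isdigit() for c in m.group(1)):
            return brand
    return None

# Constructed sample proxy log: timestamp, client IP, method, URL.
SAMPLE_LOG = """\
2025-01-01T10:01:02Z 10.0.0.5 GET https://www.reddit.com/r/sysadmin/
2025-01-01T10:01:09Z 10.0.0.5 GET https://reddit-a1b2c3.org/thread/tool
2025-01-01T10:01:15Z 10.0.0.5 GET https://wetransfer-x9y8z7.net/download
2025-01-01T10:02:40Z 10.0.0.7 GET https://wetransfer.com/downloads/abc
2025-01-01T10:03:11Z 10.0.0.9 GET https://redditstatus.org/
"""

def scan(log_text):
    """Return (client_ip, host, brand) for every log line matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and (brand := classify(fields[3])):
            hits.append((fields[1], host_of(fields[3]), brand))
    return hits

if __name__ == "__main__":
    for ip, host, brand in scan(SAMPLE_LOG):
        print(f"{ip} visited {host} (possible {brand} lookalike)")
```

A hit showing the Reddit lookalike followed by the WeTransfer lookalike from the same client matches the click path the article describes and is worth triaging first.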

These fake websites were discovered by Sekoia researcher crep1x, who shared a complete list of web pages participating in the scheme. In total, there are 529 pages impersonating Reddit and 407 posing as the official WeTransfer service serving a download.
The researcher told BleepingComputer that he was unable to retrieve any clues about the earlier stages of the infection chain, but the specific topics used indicate some kind of elaboration.
The attack might begin with malvertising, SEO poisoning, malicious websites, direct messages on social media, and other means.
A year ago, the same researcher discovered a similar campaign where 1,300 sites abused the AnyDesk brand to push the Vidar Stealer malware.
Risk of info-stealer malware
Lumma Stealer is a potent tool with advanced evasion and data theft mechanisms. The malware is sold to hackers who distribute it through various methods, including GitHub comments, deepfake nude generator sites, and malvertising.
Info-stealing malware can collect, among other things, passwords stored in web browsers and session tokens that can be used to hijack accounts without knowing the credentials.
This type of threat is often used to exfiltrate sensitive login data from companies, and the details are usually sold on hacker forums.
Most recently, infostealers enabled high-impact attacks on PowerSchool, HotTopic, CircleCI, and Snowflake.