
Cybercriminals are distributing malware known as Lumma Stealer by tricking users into clicking links in counterfeit Reddit threads that claim to offer solutions to common issues, as reported by Bleeping Computer. Victims who click the link are redirected to a fraudulent WeTransfer site that mimics the legitimate website's design.
Researcher crep1x discovered nearly 1,000 websites involved in this scheme and published a comprehensive list of them. Specifically, 529 sites imitate Reddit while 407 masquerade as the official WeTransfer page. The fraudulent domain names combine the brand name with random characters and numeric strings, and often end in .org or .net.
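The naming pattern described above (brand name plus random characters and digits, often on .org or .net) can be turned into a triage rule for proxy or DNS logs. The following is an added example, not code from the researcher or from Bleeping Computer; the allowlist of legitimate domains, the scoring and the sample hostnames are assumptions constructed for illustration.

```python
import re

# Brands named in the report -> their legitimate registrable domains.
# This allowlist is an assumption for the example; extend it for your environment.
BRANDS = {
    "reddit": {"reddit.com", "redd.it"},
    "wetransfer": {"wetransfer.com", "we.tl"},
}
SUSPECT_TLDS = {"org", "net"}  # endings the report says the lookalikes often use

def classify(host):
    """Return (brand, score, reasons) for a brand lookalike, else None."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    registrable = ".".join(labels[-2:])  # naive: no public-suffix handling
    for brand, legit in BRANDS.items():
        if brand not in host or registrable in legit:
            continue
        reasons = ["brand name outside its legitimate domain"]
        # What remains of the brand-bearing label once the brand is removed.
        label = next(l for l in labels if brand in l)
        extra = label.replace(brand, "").strip("-")
        if len(extra) >= 3 and re.search(r"\d", extra):
            reasons.append("random-looking string with digits: " + extra)
        if labels[-1] in SUSPECT_TLDS:
            reasons.append("ends in ." + labels[-1])
        return brand, len(reasons), reasons
    return None

def triage(hosts, threshold=2):
    """Hosts whose score meets the threshold, highest score first."""
    hits = [(h, classify(h)) for h in hosts]
    hits = [(h, c) for h, c in hits if c and c[1] >= threshold]
    return sorted(hits, key=lambda hc: -hc[1][1])

# Constructed hostnames, not taken from the researcher's published list.
SAMPLE_HOSTS = [
    "www.reddit.com",
    "we.tl",
    "reddit-15gq2x.org",
    "wetransfer-0k3v9a.net",
    "docs.example.org",
    "reddit.forum.example.com",
]

if __name__ == "__main__":
    for host, (brand, score, reasons) in triage(SAMPLE_HOSTS):
        print(f"{host}: imitates {brand}, score {score}: {'; '.join(reasons)}")
```

A brand name on an unrelated domain scores 1 and stays below the default threshold, so only hosts matching more than one trait from the report are surfaced for review.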
Alongside the misleading threads, the attackers create fake Reddit posts in which a user asks for help downloading specific software. Another user then claims to have uploaded the file to WeTransfer and provides a download link, often followed by a reply thanking them for their assistance. To create urgency, the impersonating user may note that the link is set to expire in 48 hours.
The researcher could not specify the exact early infection methods but confirmed the malware's rapid proliferation. Potential avenues for spreading this threat include social media direct messages, search engine optimization manipulation, and malicious sites, all leading to the Lumma Stealer payload hosted on "weighcobbweo[.]top."
So what makes Lumma Stealer particularly perilous? Its sophisticated data theft techniques and evasion strategies contribute to its threat level. Attackers propagate the malware through deceptive avenues like deepfake nude generator websites, discussions on GitHub, and malicious advertisements. To protect yourself, use a reputable antivirus program and remain cautious about the links you click.