How Hackers Are Using Fake Captchas to Spread Lumma Stealer Malware

Bad actors are using fake Captcha prompts to distribute fileless Lumma Stealer malware that can steal crypto wallet credentials, according to research from cybersecurity firm DNSFilter.

First detected on a Greek banking website, the prompt asks Windows users to copy and paste it into the Run dialog box, and then to press Enter.

DNSFilter reports that the firm’s clients interacted with the fake Captcha 23 times over the course of three days, and that 17% of the people who encountered the prompt completed its on-screen steps, resulting in the attempted delivery of malware.

The malware in question is Lumma Stealer, which according to DNSFilter’s Global Partner Evangelist, Mikey Pruitt, searches an infected device for credentials and other sensitive data.

“Lumma Stealer immediately sweeps the system for anything it can monetize—browser-stored passwords and cookies, saved 2FA tokens, cryptocurrency wallet data, remote-access credentials, and even password-manager vaults,” he told Decrypt.

Pruitt clarifies that the bad actors use lifted data for a variety of purposes that all usually boil down to monetary gain, such as ID theft and accessing “online accounts for financial theft or fraudulent transactions,” as well as gaining access to cryptocurrency wallets.

Lumma Stealer has a wide reach according to Pruitt, and can be found on a wide variety of websites.

“While we can’t speak to how much might have been lost through this one avenue, this threat can exist on non-malicious sites,” he explained. “This makes it incredibly dangerous and important to be aware of when things seem suspicious.”

Malware-as-a-Service

Lumma Stealer is not only malware, but an example of Malware-as-a-Service (MaaS). Security firms have reported it’s responsible for a rise in malware attacks in recent years.

According to ESET malware analyst Jakub Tomanek, the operators behind Lumma Stealer develop its features and refine its ability to evade malware detection, while also registering domains to host the malware.

“Their primary goal is to keep the service operational and profitable, collecting monthly subscription fees from affiliates—effectively running Lumma Stealer as a sustainable cybercriminal business,” he told Decrypt.

Because it spares cybercriminals the need to develop malware and any underlying infrastructure, MaaS such as Lumma Stealer has proven stubbornly popular.

In May, the U.S. Department of Justice seized five internet domains that bad actors were using to operate Lumma Stealer malware, while Microsoft privately took down 2,300 similar domains.

Yet reports have revealed that Lumma Stealer has reemerged since May, with a July analysis from Trend Micro showing that “the number of targeted accounts steadily returned to their usual levels” between June and July.

Part of the appeal of Lumma Stealer is that subscriptions, which are often monthly, are inexpensive relative to the potential gains to be made.

“Available on dark web forums for as little as $250, this sophisticated information stealer specifically targets what matters most to cybercriminals – cryptocurrency wallets, browser-stored credentials, and two-factor authentication systems,” said Nathaniel Jones, the VP of Security & AI Strategy at Darktrace.

Jones told Decrypt that the scale of Lumma Stealer exploits has been “alarming,” with 2023 witnessing estimated losses of $36.5 million, as well as 400,000 Windows devices infected in the space of two months.

“But the real concern isn’t just the numbers – it’s the multi-layered monetisation strategy,” he said. “Lumma doesn’t just steal data, it systematically harvests browser histories, system information, and even AnyDesk configuration files before exfiltrating everything to Russian-controlled command centres.”

Heightening the threat of Lumma Stealer is the fact that stolen data is often fed directly into “traffer teams” that specialize in the theft and resale of credentials.

“This creates a devastating cascade effect where a single infection can lead to bank account hijacking, cryptocurrency theft, and identity fraud that persists long after the initial breach,” adds Jones.

While Darktrace suggests a Russian origin or center for Lumma-related exploits, DNSFilter notes that the bad actors making use of the malware service could be operating from multiple territories.

Mikey Pruitt said, “It is common for such malicious activities to involve individuals or groups from multiple countries, especially with the use of international hosting providers and malware distribution platforms.”
