A new malware campaign is gaining traction online, using fake CAPTCHA sites to trick users into installing Lumma Stealer (also known as Lumma C2). Users are asked to press specific key combinations to prove they’re not a robot, but this action triggers the installation of the malware.
Lumma Stealer malware
Lumma Stealer is designed to steal sensitive data, such as login credentials and financial information. It’s crucial to be cautious of unfamiliar CAPTCHA prompts and ensure that antivirus software is up to date to protect against such threats.
On September 20, analysts highlighted an unusual malware campaign on fake CAPTCHA sites. Hackers redirect users from dubious websites, often linked to pirated movies, to newly created domains where fraudulent CAPTCHA checks install malware.
Fake CAPTCHA domains:
- stage-second-v2c.b-cdn[.]net/…/human-check-update-14.html
- antibotx.b-cdn[.]net/captcha-verify.html
These pages ask for human verification via key combinations after the victim clicks “I am not a robot.”
- Press Windows Button (Win+R)
- Press CTRL + V
- Press Enter
The site copies malicious code to the clipboard. Win+R opens the Windows Run dialog, CTRL + V pastes the command into it, and Enter executes it via PowerShell, initiating the malware injection.
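Because the command is launched from the Run dialog, Windows records it in the current user's RunMRU registry key, which gives responders a place to check whether someone followed these steps. The script below is an added triage example, not part of the original report; the interpreter list, the trait patterns and the sample values are assumptions constructed for illustration.

```python
import re
import sys

RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Script hosts that seldom need to be started from the Run dialog with arguments.
INTERPRETERS = re.compile(r"\b(powershell|pwsh|cmd|mshta|wscript|cscript)(\.exe)?\b", re.I)
# Command-line traits that raise the priority of an entry (assumed heuristics).
TRAITS = {
    "hidden window": re.compile(r"\s-w[a-z]*\s+hidden\b", re.I),
    "encoded command": re.compile(r"\s-(e|ec|enc\w*)\s+\S+", re.I),
    "remote URL": re.compile(r"https?://", re.I),
}

# Constructed sample of RunMRU values (not from a real host or from this campaign).
SAMPLE = {
    "a": "cmd\\1",
    "b": "notepad\\1",
    "c": "powershell -w hidden -enc <CONSTRUCTED_PLACEHOLDER>\\1",
    "MRUList": "cba",
}

def triage_runmru(values):
    """Return Run-dialog entries that start a script host, most traits first."""
    findings = []
    for name, data in values.items():
        if name.lower() == "mrulist":          # ordering metadata, not a command
            continue
        command = data[:-2] if data.endswith("\\1") else data  # drop the "\1" suffix
        if not INTERPRETERS.search(command):
            continue
        traits = [label for label, rx in TRAITS.items() if rx.search(command)]
        findings.append({"value": name, "command": command, "traits": traits})
    return sorted(findings, key=lambda f: len(f["traits"]), reverse=True)

def read_runmru():
    """Read the current user's RunMRU values (Windows only)."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
            count = winreg.QueryInfoKey(key)[1]
            return {n: str(d) for n, d, _ in (winreg.EnumValue(key, i) for i in range(count))}
    except FileNotFoundError:                  # Run dialog never used by this user
        return {}

if __name__ == "__main__":
    values = read_runmru() if sys.platform == "win32" else SAMPLE
    for f in triage_runmru(values):
        print(f"{f['value']}: {f['command']}  traits={f['traits'] or 'none'}")
```

An empty result does not clear a host: the key only covers the logged-on user's profile and its values can be deleted, so treat a hit as a lead for further investigation rather than the absence of one as proof.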
Here are some steps to protect yourself:
- Avoid suspicious sites – Stick to trusted websites and avoid downloading from unreliable sources.
- Be cautious with CAPTCHAs – Be wary of CAPTCHA requests asking for unusual actions, like specific key combinations.
- Use antivirus software – Keep your security software updated to detect and block malicious code.
- Update your system – Ensure your OS, browsers, and apps are regularly updated with security patches.
- Disable clipboard access – Restrict clipboard access for untrusted websites.
- Monitor system behavior – Watch for unusual system activity or prompts and disconnect from the internet if suspicious.