Hackers are spreading a dangerous malware called Lumma Stealer by tricking you into clicking a link in a fake Reddit thread that supposedly solves a problem, as Bleeping Computer reports. After clicking the link, victims are sent to a fake WeTransfer site that imitates the real transfer service's interface.
Sekoia researcher crep1x found the total number of sites used in the distribution and shared a complete list of them. There are nearly 1,000 sites: 529 impersonate Reddit, and 407 pretend to be the official WeTransfer service site. Each fake Reddit or WeTransfer domain combines the brand name with random numbers and characters and ends in either .org or .net.
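As an added example (not from the article or from the researcher's list), the naming pattern described above can be turned into a triage filter for DNS or proxy logs. The log format, the sample hostnames, and the requirement that the random part contain a digit are assumptions; a match is a lead to check against the published list, not a verdict.

```python
import re

BRANDS = ("reddit", "wetransfer")  # brands the article says are impersonated
TLDS = ("org", "net")              # TLDs the article says the fake sites use

def refang(value):
    """Undo defanging (hxxp, [.]) and reduce a URL to its lowercase hostname."""
    value = value.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    value = re.sub(r"^[a-z]+://", "", value)
    return re.split(r"[/:?#]", value, maxsplit=1)[0].rstrip(".")

def lookalike_brand(value):
    """Return the impersonated brand, or None if the host does not fit."""
    labels = refang(value).split(".")
    if len(labels) < 2 or labels[-1] not in TLDS:
        return None
    name = ".".join(labels[:-1])
    for brand in BRANDS:
        if brand not in name:
            continue
        extra = name.replace(brand, "", 1)
        # Assumption: the "random numbers and characters" include a digit.
        if re.fullmatch(r"[a-z0-9.-]+", extra) and re.search(r"\d", extra):
            return brand
    return None

# Constructed resolver log: timestamp, client, query type, name (not real IoCs).
SAMPLE_LOG = """\
2025-01-20T10:01:02Z 10.0.0.5 A www.reddit.com
2025-01-20T10:01:09Z 10.0.0.5 A reddit-x0x0x0.org
2025-01-20T10:01:11Z 10.0.0.5 A wetransfer-0a0a0a.net
2025-01-20T10:02:40Z 10.0.0.7 A wetransfer.com
2025-01-20T10:03:15Z 10.0.0.7 A example.org
"""

def scan(log_text):
    """Return (client, hostname, brand) for every query that fits the pattern."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        brand = lookalike_brand(fields[3])
        if brand:
            hits.append((fields[1], refang(fields[3]), brand))
    return hits

if __name__ == "__main__":
    for client, host, brand in scan(SAMPLE_LOG):
        print(f"{client} queried {host} (imitates {brand})")
```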
In addition to these options, the hackers use a fake Reddit thread in which the creator asks for help downloading a particular tool. Another user claims to have uploaded the file to WeTransfer and shares the link to download it. There is even a thank-you message for the help. To possibly add a sense of urgency, the fake user who uploaded the file mentions that the link expires in two days.
The researcher couldn’t tell Bleeping Computer anything about the early stages of the infection but confirmed its expansion. Direct messages on social media, SEO poisoning, malicious websites, and more could be the starting points of the infection chain. Unfortunately, the chain ends with a Lumma Stealer payload hosted on “weighcobbweo[.]top.”
What makes Lumma Stealer so dangerous? Its advanced data theft and evasion mechanisms make it harmful, and hackers spread the malware through methods such as deepfake nude generator sites, GitHub comments, and malvertising. Nevertheless, one way to stay safe is to use one of the best antivirus programs and be cautious about the links you click.