Lumma Stealer Spread Via Fake Reddit, WeTransfer Pages

Threat actors have used almost 1,000 bogus Reddit and WeTransfer pages to distribute the Lumma Stealer malware as part of a new attack campaign, SC Media reports.

According to Sekoia.io lead cybercrime analyst crep1x on Twitter, the intrusions used seemingly legitimate web pages whose domains contained "reddit" or "wetransfer" and up to two numbers and four random letters on a .pw, .net, or .org top-level domain. The fraudulent Reddit pages impersonated software-finding pages and included a comment with a WeTransfer link.

Clicking the WeTransfer link redirects to a phishing page containing a password-protected archive that purports to be the needed software but instead downloads the SelfAU3 dropper, which lets Lumma Stealer target sensitive data, according to crep1x.
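The domain naming scheme described above can be turned into a hunting heuristic for proxy or DNS logs. The following is an added example, not code from SC Media or Sekoia.io. It assumes the random characters follow the brand string, optionally after a hyphen, and it assumes a four-field log layout; the log lines and lookalike hosts are constructed.

```python
import re
from urllib.parse import urlsplit

# Brand strings and TLDs are the ones named in the article. Assumption: the
# random part is a suffix on the brand, optionally hyphen-separated; the
# article gives neither the order of digits and letters nor a separator.
LABEL_RE = re.compile(r"^(?:reddit|wetransfer)-?([a-z0-9]{1,6})$")
TLDS = {"pw", "net", "org"}

def host_of(value):
    """Return the lowercase hostname from a URL or a bare host string."""
    value = value.strip().lower()
    if "//" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").rstrip(".")

def matches_campaign_pattern(value):
    """True if the host's second-level label fits the described scheme."""
    labels = host_of(value).split(".")
    if len(labels) < 2 or labels[-1] not in TLDS:
        return False
    m = LABEL_RE.match(labels[-2])
    if not m:
        return False
    digits = sum(c.isdigit() for c in m.group(1))
    return digits <= 2 and len(m.group(1)) - digits <= 4

# Constructed proxy-log lines (timestamp, client, method, URL); the two
# lookalike hosts are made up for this example, not indicators from the report.
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.0.5 GET https://www.reddit.com/r/software/
2025-01-01T10:00:07Z 10.0.0.5 GET https://reddit-15ab.pw/r/software/thread
2025-01-01T10:00:09Z 10.0.0.5 GET https://wetransfer9xkq.net/downloads/file
2025-01-01T10:00:12Z 10.0.0.8 GET https://wetransfer.com/downloads/abc
2025-01-01T10:00:15Z 10.0.0.8 GET https://redditmedia.org/img.png
"""

def scan(log_text):
    """Return (client, host) pairs for lines whose URL fits the pattern."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and matches_campaign_pattern(fields[3]):
            hits.append((fields[1], host_of(fields[3])))
    return hits

if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG):
        print(client, host)
```

A match is a lead for review, not a verdict: short legitimate names that begin with either brand string on these TLDs will also match.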

This news comes more than two years after crep1x noted the Vidar information-stealing malware being distributed via over 1,300 AnyDesk-spoofing domains.
