More than 1,150 organizations and over 7,000 users in North America, Southern Europe, and Asia have been compromised with the Lumma Stealer as part of a widespread phishing campaign involving almost 5,000 malicious PDF files containing phony CAPTCHA images since the last six months of 2024, according to The Hacker News.
Netskope Threat Labs found that Intrusions entailed the exploitation of search engine optimization to lure victims into downloading PDFs — most of which are hosted on Webflow's content delivery network — that contain fake CAPTCHA images leading to illicit PowerShell command execution and the eventual deployment of Lumma Stealer.
This development comes as Lumma Stealer has been recently spread via bogus Roblox games and a trojanized pirated Windows Total Commander tool promoted by hijacked YouTube accounts.
