Fake CAPTCHA Campaign Delivers Lumma Information Stealer

A Global Malware Threat

Cybersecurity researchers are warning about a new malware campaign that uses fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. This campaign is global, with Netskope Threat Labs tracking victims in Argentina, Colombia, the United States, the Philippines, and other countries around the world.

The Campaign’s Tactics

The campaign is using legitimate — possibly compromised — email accounts to send phishing emails. To prevent analysis by automated security scripts, attackers are taking a series of steps, including:

  • Detecting automated security scripts
  • Listening for keystrokes that suggest web inspection
  • Disabling the right-click context menu
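
As an added example (not code from the report or from Netskope), the following Node.js script statically triages saved page source for the three behaviours listed above. The regular expressions, the two-of-three review threshold and both sample pages are assumptions constructed for illustration.

```javascript
// Added example: static triage of saved page source for the three
// anti-analysis behaviours listed above. All patterns are assumptions
// (generic browser APIs), not indicators taken from the report.
const RULES = [
  { id: "automation-check",   // detecting automated security scripts
    test: (s) => /navigator\s*\.\s*webdriver|HeadlessChrome|callPhantom|_phantom\b/.test(s) },
  { id: "devtools-keystroke", // key listener that also references F12 / Ctrl+Shift+I
    test: (s) =>
      /addEventListener\s*\(\s*["']key(?:down|up)["']|\bonkey(?:down|up)\s*=/i.test(s) &&
      /["']F12["']|\b(?:keyCode|which)\s*===?\s*123\b|ctrlKey\s*&&[^;{}]*shiftKey/.test(s) },
  { id: "context-menu-block", // disabling the right-click context menu
    test: (s) =>
      /\boncontextmenu\s*=\s*["']?\s*return\s+false/i.test(s) ||
      /addEventListener\s*\(\s*["']contextmenu["'][\s\S]{0,200}?preventDefault\s*\(/.test(s) },
];

// Returns the rule ids that match and whether the page merits manual review.
// Any single behaviour is common on benign sites, so require two or more.
function triagePage(html, threshold = 2) {
  const hits = RULES.filter((r) => r.test(html)).map((r) => r.id);
  return { hits, review: hits.length >= threshold };
}

// Constructed sample inputs (not captured from the campaign).
const SUSPECT_PAGE = `
<body oncontextmenu="return false">
<script>
  var automated = navigator.webdriver === true;
  document.addEventListener("keydown", function (e) {
    if (e.key === "F12" || (e.ctrlKey && e.shiftKey && e.key === "I")) e.preventDefault();
  });
</script>
<p>Verify you are human</p>
</body>`;

const BENIGN_PAGE = `
<script>
  document.addEventListener("keydown", (e) => { if (e.key === "Escape") closeModal(); });
  gallery.addEventListener("contextmenu", (e) => e.preventDefault());
</script>`;

console.log(triagePage(SUSPECT_PAGE));
console.log(triagePage(BENIGN_PAGE));
```

A match is a reason to open the page in an isolated analysis environment, not a verdict: the benign sample shows a right-click block on its own staying below the threshold.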

Social Engineering-Oriented Credential Harvesting Attacks

Social engineering-oriented credential harvesting attacks have also been observed leveraging avatar provider Gravatar to mimic various legitimate services like AT&T, Comcast, Eastlink, Infinity, Kojeko, and Proton Mail.

Exploiting Gravatar’s ‘Profiles as a Service’

According to SlashNext Field CTO Stephen Kowski, "By exploiting Gravatar’s ‘Profiles as a Service,’ attackers create convincing fake profiles that mimic legitimate services, tricking users into divulging their credentials."

Tailoring Fake Profiles

Rather than sending generic phishing attempts, attackers tailor their fake profiles to closely resemble the legitimate services they mimic, and they do so through services that are not often known or protected.
