Hackers are using fake Captchas to distribute Lumma Stealer malware, which can steal sensitive information from infected devices, including crypto wallet data and passwords. Research from DNSFilter has revealed that this malware, a form of Malware-as-a-Service, was first detected on a Greek banking website where users were tricked into executing commands that installed the malware. Approximately 17% of users who encountered the prompt complied, leading to malware delivery. The malware scans for valuable information like browser-stored credentials and two-factor authentication tokens, allowing cybercriminals to commit identity theft and financial fraud. Despite takedowns of numerous domains associated with Lumma Stealer, the malware has resurfaced, with reports estimating losses in 2023 at around $36.5 million and indicating that 400,000 Windows devices were infected over two months. The low barrier for entry, often just $250, makes it appealing for malicious actors seeking to monetize stolen data via various channels, creating a serious threat to users' online security.

Source đź”—