Intel Name: Fake human captcha style verification pages lead to copy/paste script for lumma stealer
Date of Scan: September 2, 2024
Impact: High
Summary: As of August 27, 2024, fake verification pages are being used to spread Lumma Stealer malware. These pages prompt victims to paste a PowerShell script into a Run window, which then downloads and executes the Lumma Stealer EXE. The malware retrieves and uses zip archives that don’t appear malicious on their own. This attack is similar to activity reported in June 2024, detailed here: [Unit42 Timely Threat Intel](https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-06-24-IOCs-for-ClickFix-pushing-Lumma-Stealer.txt).