DNS Early Detection - Fast Propagating Fake Captcha distributes LummaStealer
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Between October 2024 and February 2025, LummaStealer malware was distributed via fake CAPTCHA pages, targeting users who store sensitive information in browsers and cryptocurrency wallets. LummaStealer, available as Malware-as-a-Service, collects data for fraud and unauthorized access. Fake CAPTCHA pages deceive users into executing commands that download evasive files. Infoblox monitored threat actor infrastructure by analyzing DNS traffic, providing early detection of malicious domains an average of 46.8 days before public reports. The use of fake CAPTCHAs in malicious adtech schemes, involving operators and advertisers, was also highlighted. These sophisticated tactics pose significant risks to individuals and organizations.
OPENCTI LABELS:
information stealer, lummac2, malware-as-a-service, lummastealer, early detection, fake captcha, malicious domains, dns traffic analysis, adtech