DNS Early Detection - Fast Propagating Fake Captcha distributes LummaStealer

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

Between October 2024 and February 2025, LummaStealer malware was distributed via fake CAPTCHA pages, targeting users who store sensitive information in browsers and cryptocurrency wallets. The malware, available as Malware-as-a-Service, collects data for fraud and unauthorized access. Threat actors use fake CAPTCHA pages to establish trust and launch obfuscated scripts, which lead to secondary payloads and lateral movement. Infoblox's DNS monitoring detected the malicious domains an average of 46.8 days before public reports, providing early protection for customers. Given the easy access to malicious adtech services and fake CAPTCHA content, continued and increased usage by threat actors is expected.

OPENCTI LABELS:

information stealer, lummastealer, fake captcha, dns monitoring


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Log in with the public read-only username and password shown on the login page banner.


DNS Early Detection - Fast Propagating Fake Captcha distributes LummaStealer