
Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A large-scale fake captcha campaign has been distributing Lumma info-stealer malware through malvertising techniques. The campaign, relying on a single ad network, delivers over 1 million daily ad impressions, causing thousands of daily victims to lose their accounts and money. The malicious activity is propagated through a network of 3,000+ content sites funneling traffic. The campaign uses deceptive captcha pages that trick users into executing PowerShell commands, instantly installing stealer malware. The ad network Monetag, a subsidiary of PropellerAds, is identified as the primary facilitator. The threat actors leverage services like BeMob for cloaking, showcasing the fragmented accountability in the ad ecosystem. The campaign's success highlights the need for stronger proactive measures in ad networks and the importance of user caution when encountering free content online.

OPENCTI LABELS:

powershell, malvertising, lumma stealer, fake captcha


Open in the NetmanageIT OpenCTI public instance using the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising