Fake CAPTCHA Lures Victims: Lumma Stealer Abuses Clipboard and PowerShell

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

A new malware campaign using fake CAPTCHA pages to deliver Lumma Stealer has been identified. The attack leverages ClickFix, a deceptive tactic involving phishing and fake reCAPTCHA pages impersonating Cloudflare verification. The infection chain begins with a fake CAPTCHA page tricking victims into running malicious commands copied to their clipboard. This launches mshta.exe, which executes a VBScript to run PowerShell commands. These commands download and execute a malicious payload, which acts as a loader for Lumma Stealer. The attack uses various evasion techniques, including anti-debugging measures and code injection. The stealer captures screen data, extracts clipboard information, and exfiltrates stolen data through multiple command-and-control servers.
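The mshta.exe-to-PowerShell hop in this chain is a practical detection point. The Python below is an added example, not part of the original report: it flags that parent/child pair in process-creation events. The events, the field names (modelled on Sysmon Event ID 1) and the placeholder URL are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MSHTA = r"C:\Windows\System32\mshta.exe"

# Constructed sample events. Real telemetry should be keyed on ProcessGuid,
# because plain PIDs are reused over time (assumption: one short capture).
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": MSHTA,
     "cmd": "mshta.exe https://placeholder.invalid/verify"},
    {"pid": 300, "ppid": 200, "image": PS,
     "cmd": "powershell.exe -NoProfile -Command <constructed placeholder>"},
    # Benign look-alikes that must not alert:
    {"pid": 400, "ppid": 100, "image": MSHTA, "cmd": r"mshta.exe C:\Tools\inventory.hta"},
    {"pid": 500, "ppid": 100, "image": PS, "cmd": r"powershell.exe -File C:\Scripts\backup.ps1"},
]

REMOTE_URL = re.compile(r"\bhttps?://", re.IGNORECASE)
POWERSHELL_NAMES = {"powershell.exe", "pwsh.exe"}


def find_mshta_powershell_chains(events):
    """Return one alert per PowerShell process whose parent is mshta.exe."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for ev in events:
        parent = by_pid.get(ev["ppid"])
        if parent is None:
            continue  # parent not in the capture; cannot evaluate the chain
        if basename(ev["image"]).lower() not in POWERSHELL_NAMES:
            continue
        if basename(parent["image"]).lower() != "mshta.exe":
            continue
        # mshta.exe fetching remote content matches the reported chain most closely.
        severity = "high" if REMOTE_URL.search(parent["cmd"]) else "medium"
        launcher = by_pid.get(parent["ppid"])  # who started mshta.exe, for triage
        alerts.append({
            "pid": ev["pid"],
            "severity": severity,
            "mshta_cmd": parent["cmd"],
            "launcher": basename(launcher["image"]).lower() if launcher else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_mshta_powershell_chains(EVENTS):
        print(alert)
```
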

OPENCTI LABELS :

lumma stealer, clickfix, fake captcha


Open in the NetmanageIT OpenCTI public instance using the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


Fake CAPTCHA Lures Victims: Lumma Stealer Abuses Clipboard and PowerShell