A new wave of cyberattacks leveraging fake CAPTCHA verification pages is targeting Windows users in India, distributing the Lumma Stealer malware.
This sophisticated campaign employs social engineering tactics and advanced evasion techniques, posing a significant threat to individuals and organizations across various sectors.
The Modus Operandi
Lumma Stealer, an information-stealing malware operating under a Malware-as-a-Service (MaaS) model, has been active since its discovery in 2022.
Recent campaigns have seen attackers creating phishing websites that mimic legitimate CAPTCHA verification pages.
These fake pages instruct users to perform seemingly harmless actions, such as copying and pasting commands into the Windows Run dialog box.
However, these commands execute malicious PowerShell scripts that download and install the Lumma Stealer malware on the victim’s system.
The malware is designed to extract sensitive data, including passwords, cookies, cryptocurrency wallet credentials, and system information.
It operates stealthily by employing techniques like Base64 encoding and clipboard manipulation to evade detection.
Once installed, Lumma Stealer establishes a connection with attacker-controlled servers to exfiltrate the stolen data securely.
Widespread Impact in India
India has emerged as a primary target for this campaign due to the malware’s affordability and effectiveness.
Sold on underground forums for as little as $10 per target, Lumma Stealer has become a favorite tool among cybercriminals.
Its constant updates and evolving capabilities make it a formidable threat, contributing to rising infection rates and data breaches in the region.
Lumma Stealer employs advanced evasion techniques to avoid detection by security systems.
For instance, it uses trigonometric calculations to mimic human-like mouse movements, distinguishing between real user activity and automated analysis environments.
Additionally, the malware leverages fileless execution methods and modifies system registries to ensure persistence on infected devices.
Recent updates have introduced further complexities, such as using the ChaCha20 encryption cipher for secure data transmission.
According to the Foresiet these enhancements make it increasingly challenging for cybersecurity professionals to analyze and mitigate the threat.
To counter this growing menace, experts recommend the following measures:
- User Awareness: Educate users about phishing tactics and the risks of executing unknown commands.
- Endpoint Protection: Deploy robust security solutions capable of detecting PowerShell-based attacks.
- Regular Updates: Ensure all software and systems are patched to address vulnerabilities.
- Network Monitoring: Analyze network traffic for suspicious activities linked to malicious domains.
- Restrict Privileges: Limit administrative access on devices to minimize potential damage from infections.
The Lumma Stealer campaign highlights the evolving sophistication of cyber threats targeting Indian users.
By exploiting trust in CAPTCHA systems and employing advanced evasion techniques, attackers have created a highly effective malware distribution method.
Organizations must prioritize cybersecurity awareness and adopt proactive defense strategies to mitigate the risks posed by this persistent adversary.
