EXPOSED: OnlyFans Hack Gone Wrong - How Cyber Criminals Turn into Victims Overnight
Sept. 6, 2024, 9:48 a.m.
Description
A campaign has been uncovered that turns would-be OnlyFans hackers into victims. On a hacking forum, a user going by Bilalkhanicom offered a tool to 'check' OnlyFans accounts; the tool was in fact a dropper for the Lumma stealer (LummaC2), a commodity information stealer attributed to a threat actor known as 'Shamel' or 'Lumma'. Lumma targets cryptocurrency wallets, 2FA browser extensions, and other sensitive data such as saved credentials and browser session cookies. The sample connects to a GitHub account named 'UserBesty' to download additional payloads. The same lure pattern extends beyond OnlyFans, with variants aimed at aspiring Disney+ and Instagram hackers and at would-be botnet operators. Folder names inside the malware's directory structure hint at possible international connections, although this is only suggestive. Several recently registered .shop domains serve as the malware's command-and-control servers; they are listed under Indicators below and should be treated as block-worthy.
Date
Published: Sept. 6, 2024, 9:46 a.m.
Created: Sept. 6, 2024, 9:46 a.m.
Modified: Sept. 6, 2024, 9:48 a.m.
Indicators
traineiwnqo.shop
stamppreewntnq.shop
stagedchheiqwo.shop
ponintnykqwm.shop
millyscroqwp.shop
locatedblsoqp.shop
caffegclasiqwp.shop
evoliutwoqm.shop
condedqpwqm.shop
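The nine .shop domains above are the only network indicators the report gives, so the natural first check is a retroactive sweep of DNS logs for queries to them or to any of their subdomains. The script below is an added example and is not part of the original report or Veriti's tooling: it copies the indicator list verbatim, parses a constructed DNS log format (timestamp, client IP, query name, query type; an assumption, adjust the regex to your resolver's format), normalises query names (case, trailing root dot), and matches on the registrable domain so that a subdomain of a C2 hits but a lookalike under a different domain does not. A second function reports .shop registrable domains not on a known list, as a hunting lead consistent with the report's note that the C2 domains were recently created; that heuristic is mine, not the report's.

```python
"""IOC sweep of DNS query logs for the Lumma C2 domains named in the report.

Added example, not code from the original report. The log format and the
sample log lines are constructed; the indicator list is copied from the report.
"""
import re
from typing import Iterable, List, Optional, Set

# C2 domains published in the report (copied verbatim).
LUMMA_C2_DOMAINS: Set[str] = {
    "traineiwnqo.shop",
    "stamppreewntnq.shop",
    "stagedchheiqwo.shop",
    "ponintnykqwm.shop",
    "millyscroqwp.shop",
    "locatedblsoqp.shop",
    "caffegclasiqwp.shop",
    "evoliutwoqm.shop",
    "condedqpwqm.shop",
}

# Assumed log format: "<timestamp> <client_ip> <query_name> <query_type>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")

# Constructed sample log. Mixed case and a trailing root dot are deliberate,
# as is the lookalike 'evoliutwoqm.shop.example.org', which must NOT match.
SAMPLE_LOG = """\
2024-09-05T10:01:02Z 10.0.0.12 www.example.com A
2024-09-05T10:01:09Z 10.0.0.12 evoliutwoqm.shop. A
2024-09-05T10:02:44Z 10.0.0.31 api.Caffegclasiqwp.SHOP A
2024-09-05T10:03:00Z 10.0.0.31 evoliutwoqm.shop.example.org A
2024-09-05T10:03:15Z 10.0.0.7 shop A
2024-09-05T10:04:20Z 10.0.0.7 newlyseen-store.shop TXT
garbage line
""".splitlines()


def normalize_domain(name: str) -> str:
    """Lower-case the name and strip the trailing root dot some resolvers log."""
    return name.strip().rstrip(".").lower()


def match_ioc(qname: str, iocs: Set[str]) -> Optional[str]:
    """Return the indicator that qname equals or is a subdomain of, else None.

    Walks from the full name down to its two-label parent, so 'api.evoliutwoqm.shop'
    matches 'evoliutwoqm.shop' while 'evoliutwoqm.shop.example.org' does not.
    """
    labels = normalize_domain(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def sweep(lines: Iterable[str], iocs: Set[str] = LUMMA_C2_DOMAINS) -> List[dict]:
    """Return one record per log line whose query name hits an indicator."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        ioc = match_ioc(m["qname"], iocs)
        if ioc:
            hits.append({"ts": m["ts"], "client": m["client"], "qname": m["qname"], "ioc": ioc})
    return hits


def unknown_shop_domains(lines: Iterable[str], known: Set[str] = frozenset()) -> List[str]:
    """Hunting lead (heuristic): .shop registrable domains queried that are not in `known`."""
    seen = set()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        labels = normalize_domain(m["qname"]).split(".")
        if len(labels) >= 2 and labels[-1] == "shop":
            registrable = ".".join(labels[-2:])
            if registrable not in known:
                seen.add(registrable)
    return sorted(seen)


if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} queried {hit['qname']} -> IOC {hit['ioc']}")
    print("unlisted .shop domains seen:", unknown_shop_domains(SAMPLE_LOG, LUMMA_C2_DOMAINS))
```

A hit on any of these domains from a host means that host should be treated as compromised, with browser credentials, session cookies and any wallet material on it assumed stolen; the .shop heuristic only produces leads to triage, since plenty of legitimate shops use that TLD.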
Attack Patterns
Lummac stealer (malware family; LummaC2)
Bilalkhanicom (forum handle of the distributor)
T1010 (Application Window Discovery)
T1539 (Steal Web Session Cookie)
T1018 (Remote System Discovery)
T1012 (Query Registry)
T1497 (Virtualization/Sandbox Evasion)
T1573 (Encrypted Channel)
T1574 (Hijack Execution Flow)
T1564 (Hide Artifacts)
T1106 (Native API)
T1082 (System Information Discovery)
T1083 (File and Directory Discovery)
T1071 (Application Layer Protocol)
T1055 (Process Injection)
T1036 (Masquerading)
T1027 (Obfuscated Files or Information)
T1485 (Data Destruction)
T1056 (Input Capture)
T1562 (Impair Defenses)
T1059 (Command and Scripting Interpreter)