EXPOSED: OnlyFans Hack Gone Wrong - How Cyber Criminals Turn into Victims Overnight
Sept. 6, 2024, 9:48 a.m.
Description
A sophisticated operation has been uncovered that turns aspiring OnlyFans hackers into victims. On a hacking forum, a user named Bilalkhanicom offered a tool to 'check' OnlyFans accounts; the tool turned out to be a delivery system for Lummac stealer malware. This malware, developed by a threat actor known as 'Shamel' or 'Lumma', targets cryptocurrency wallets, 2FA browser extensions, and sensitive information. The malware connects to a GitHub account named 'UserBesty' to download additional payloads. The operation extends beyond OnlyFans, targeting Disney+, Instagram, and aspiring botnet hackers. The malware's architecture hints at potential geopolitical connections, with folder names suggesting global influences. Several recently created .shop domains serve as command-and-control servers for the malware.
Date
Published | Created | Modified |
---|---|---|
Sept. 6, 2024, 9:46 a.m. | Sept. 6, 2024, 9:46 a.m. | Sept. 6, 2024, 9:48 a.m. |
Attack Patterns
Lummac stealer
Bilalkhanicom
T1010
T1539
T1018
T1012
T1497
T1573
T1574
T1564
T1106
T1082
T1083
T1071
T1055
T1036
T1027
T1485
T1056
T1562
T1059