
Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

Dec. 18, 2024, 6:38 p.m.

Description

A large-scale fake captcha campaign has been distributing the Lumma info-stealer through malvertising. The campaign, which relies on a single ad network, generates over 1 million ad impressions per day and causes thousands of victims per day to lose their accounts and money. Traffic is funneled through a network of more than 3,000 content sites. The deceptive captcha pages trick users into executing PowerShell commands that immediately install the stealer. The ad network Monetag, a subsidiary of PropellerAds, is identified as the primary facilitator, and the threat actors use services such as BeMob for cloaking, illustrating the fragmented accountability in the ad ecosystem. The campaign's success highlights the need for stronger proactive measures by ad networks and for user caution when encountering free content online.

Date

Published: Dec. 18, 2024, 5:31 p.m.

Created: Dec. 18, 2024, 5:31 p.m.

Modified: Dec. 18, 2024, 6:38 p.m.

Indicators


Attack Patterns

Lumma

T1056.004

T1568

T1608.001

T1102.002

T1132.001

T1185

T1059.001

T1566.002

T1056.001

T1071.001

T1204.002