Malicious CAPTCHA delivers Lumma and Amadey Trojans

Oct. 29, 2024, 2:56 p.m.

Description

An adware campaign targets online users by presenting them with fake CAPTCHA or update prompts that trick them into running malicious PowerShell commands, which in turn deploy credential-stealing malware such as Lumma and Amadey. The attackers use ad networks to redirect victims to compromised sites hosting these social engineering lures. Once executed, Lumma abuses legitimate BitLocker functionality to harvest cryptocurrency wallets, passwords, and browser data, while Amadey gathers credentials and can deploy the Remcos remote access trojan.

Date

Published: Oct. 29, 2024, 2:25 p.m.

Created: Oct. 29, 2024, 2:25 p.m.

Modified: Oct. 29, 2024, 2:56 p.m.

Indicators

210a9e063211abc76ee5d4b082a207ae20627021d0ec3131963a4a1822aaf9db

Attack Patterns

Amadey - S1025

Remcos

Lumma

T1185

T1064

T1557

T1497

T1087

T1555

T1105

T1083

T1219

T1053

T1056

T1558

T1059

Additional Information

Spain

Italy

Brazil

Russian Federation