Malicious CAPTCHA delivers Lumma and Amadey Trojans

Oct. 29, 2024, 2:56 p.m.

Description

An adware campaign targets online users by presenting them with fake CAPTCHA or update prompts, tricking them into running malicious PowerShell commands that deploy credential-stealing malware like Lumma and Amadey. The attackers leverage ad networks to redirect victims to compromised sites hosting these social engineering lures. Once executed, Lumma abuses legitimate BitLocker functionality to harvest cryptocurrency wallets, passwords, and browser data, while Amadey gathers credentials and can deploy Remcos remote access trojan.

External References

https://securelist.com/fake-captcha-delivers-lumma-amadey/114312/
https://otx.alienvault.com/pulse/6720f045401542b5aa46c588
Tags
malvertising
adware
remcos
amadey
infostealers
social-engineering
lumma
captcha
2024-10-29

Date

  • Created: Oct. 29, 2024, 2:25 p.m.
  • Published: Oct. 29, 2024, 2:25 p.m.
  • Modified: Oct. 29, 2024, 2:56 p.m.

Indicators

  • 210a9e063211abc76ee5d4b082a207ae20627021d0ec3131963a4a1822aaf9db
Download all indicators here!

Attack Patterns

  • Amadey - S1025
  • Remcos
  • Lumma

Additional Informations

  • Spain
  • Italy
  • Brazil
  • Russian Federation