Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

Aug. 1, 2024, 11:02 a.m.

Tags
phishing
credential theft
lumma
2024-08-01
External References
Description

An examination of how threat actors hijack social media pages, rename them to resemble legitimate AI photo editors, and post malicious links to fake websites promoted through paid ads. The links trick users into installing endpoint management software, allowing the execution of credential stealers like Lumma Stealer to exfiltrate sensitive data.

Date

Published: Aug. 1, 2024, 10:46 a.m.

Created: Aug. 1, 2024, 10:46 a.m.

Modified: Aug. 1, 2024, 11:02 a.m.

Indicators

ec9da3c0ec75f89f76514155ad4b8900f7a9a726c0c7d17b797f9b1facdc8363

f2782ed28005af0cbc2d242faef16d352b04ba6f654d8d16477c6b5360fff981

e9ab13c12e16a1f6d1aeac21b000336979ac33f08ef4fe0c0de79a74bd903024

dbe0e8928f89e29c01245ba51638eb3c86a64ec85a5fbc846e4980630edb30de

daa03bec4eab760916059e796627357c480e5c7476c21e549ff2b7ff52597999

d66586c15ba491a1f30273a0598da458bcc5b4a71407ba146206316dced0a969

d43c8152d85c01429e01ad4d6cb4b3af9b0bfc03da2026d293c5a9d055fa3424

ce416d42fca8e86a84b4257c1d51f79c371d90457d016c397439e09983a3d40a

d3649001232536a97e473f5e26ea8ac59672132666c099baec41f438f2e7298d

cb1ac980514a5460e2f62c4006c39ea7b8d8cecf20037f367ae4176ddd739f5f

c7ff2ba573d7ed7430e4d17afbe373581c88a6b5f46a431938e4791702d2a03a

b55c3359e007e38513cbe7f9739c99525c9724cb02b805e54260abd91219cd3e

b187584e5d168a6e64fc2e84fc6416e199231ccdc985374c72013b64a2e7591c

a48d15cc79993f280af4121ed6b301a6dee3882e39936b5f2d90a0d4b41e119d

a1900395acfbdc9913d9368d05a9976ff2547dd560f53786d3c2fbcae3478ef9

9ca5fd6ca3630902ab0e20c8a0341d72e810af919e1267a5074d08cc2b0c935c

860013af5b467273458f9207a21fb9228a0aa572cd20fa53bd1a527c6822c9d5

83b1dbc812f27b5d1e6f3d410f4e1f1aebc249862f730610158366821887f4fa

82b6c9d6b8ac992c765c27517592173214fb2cdbefbc17234b938c397740720d

818cfee8c60eb62553d1522567259385603559137088fbefc1fd13d53e36568f

81070e1704f7bf29ab2b79255cbe4cc29fe06c5b82d35c6521e1f8198d47ea4a

7bfeb7076c8aaaf05ebb05a13835f34038b11964c999c15951026334e60b772f

772b52bf105a4fbabea5bc6bdb6599dc29f4560ff512288e12dbb539e8d4234b

77d09bac89e1cccd15534649c8968005e093efadeb790725daea0c946affca42

65157cf38ddf42b9ae78b7c1284cd67652c13d4a3038fcb10f3f0e1b9aed07f2

5d4a3078622db5997016f0d6c699ab524622cc674cddf0721ecc3b4678d31bb6

50e5f670700243535f8ff558831dbbc314b215092f523355aa7a1c26205ece37

48d0b40658c98c0e3c05b9509afc822dddaeeb416967dc30df16feb53c79015d

39911cb88baf9f5b462ec5081ba58576b1a65c2aa4b3fa1b0c90e6caee0bf81e

36283a18c88b98e485a2fbe6a37d297d5d90294f5945497034c951d09c4a7f89

34e7793b53098cf704956b46b5e5e251aa106086ab70aa9eda19fab38f62a13b

310c711c095554f75406a26c1c2193d4daa7f05e1dc496ed2fb3e4546c3e74a8

2f9646f18d3c0d5990e732f1f4288a8a05c1dac01c1a2a0d504f74692b787e71

24049e34227ef86da65c5a6621cc2333a3e6dc0e12a282ec3635f12f9b570d52

26e8003f9e7046c4d776ed59cbaa6e61a8abecf519f731c2d3e8b7ea31ed0d3f

21ab7330d8df5a5bb80d9b5f8c360db4a5168c1fc5386a4f05b4bdbb29e64461

0f053000273e48280e6293dbc665e5d73b2197d4d9d8556be687e5aae32b70f5

0cc0663e4c4510649ac20acad9fb057bf75c9ac3845dec699a143c48a19e477e

0e70afbd7b2518b7abf718d09597fa8dc26d2e40f4247e3dc6903117a20cd11c

00268a313003939f7ac6aaaf2f8c9628814c74b5804042e514f9b35781797d62

058d890b17c9b28e30255e079fd228f846e669e3d167e61174d7483d7b1755a0

0b348cd7d3e4ac0137be8617f3d78c88406a95c389de0e20317cd4b7b21d1241

https://tinyurl.com/36ahx3es

https://dtg-help-277.pages.dev/

https://zoro-api.vlhentaiz.com/LoginProcess/

https://usop-api.vlhentaiz.com/LoginProcess/

https://tokyo-api.vlhentaiz.com/LoginProcess/

https://techsupportcenter1902.click

https://support-team-account.fbb2024-20.click/

https://metaverifybusiness.sp247.click/

https://linkup.top/metateamsupport.com

https://linkup.top/helpcenteraccount.us

https://linkup.top/businesshelpaccount.us

https://businesscenter.fbb16.click/

zoro-api.vlhentaiz.com

tokyo-api.vlhentaiz.com

usop-api.vlhentaiz.com

support-team-account.fbb2024-20.click

metaverifybusiness.sp247.click

businesscenter.fbb16.click

techsupportcenter1902.click

supportproteam.com

metateamsupport.com

linkup.top

importancedopz.shop

helpcenteraccount.us

evotophoto.com

evotoforpc.net

businesshelpaccount.us

applyzxcksdia.shop

aggiledpozm.shop

warrantelespsz.shop

outpointsozp.shop

Download all indicators here!

Attack Patterns

Lumma

T1586.001

T1217

T1119

T1566.002

T1005

T1082

T1083

T1020

T1219

T1140

T1560

T1562

T1003