Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
Aug. 1, 2024, 11:02 a.m.
Tags
External References
Description
An examination of how threat actors hijack social media pages, rename them to resemble legitimate AI photo editors, and post malicious links to fake websites promoted through paid ads. The links trick users into installing endpoint management software, allowing the execution of credential stealers like Lumma Stealer to exfiltrate sensitive data.
Date
Published: Aug. 1, 2024, 10:46 a.m.
Created: Aug. 1, 2024, 10:46 a.m.
Modified: Aug. 1, 2024, 11:02 a.m.
Indicators
Attack Patterns
Lumma
T1586.001
T1217
T1119
T1566.002
T1005
T1082
T1083
T1020
T1219
T1140
T1560
T1562
T1003