Lumma Stealer Expands Attack Surface with Fake Booking Sites and CAPTCHA Tricks

Summary: Threat actors are leveraging fraudulent booking websites to distribute LummaStealer, an info-stealer malware, in a new campaign targeting travelers worldwide. This evolution in tactics includes deceptive CAPTCHA verifications that prompt users to execute hidden malware payloads. With increased file sizes and advanced evasion techniques, LummaStealer could become a significant cybersecurity threat resembling well-known malware families like Emotet.

Affected: Travelers using online booking platforms

Key points:

  • Fake booking websites are being used to distribute LummaStealer, expanding its attack vectors.
  • Victims are tricked into executing a PowerShell command to download the malware through misleading CAPTCHA prompts.
  • LummaStealer has increased complexity and evasion techniques, including Binary Padding and Indirect Control Flow Obfuscation, making it harder to detect.
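
A defender-side check for the Binary Padding point above, as an added example that is not from the source article or from any vendor tooling: it measures how much of a file is single-byte filler, which is one common way a sample's size is inflated past scanner size limits. The block size, thresholds, function names and the zero-filled sample are assumptions made for illustration; the article does not say what form LummaStealer's padding takes.

```python
"""Flag files whose size is mostly single-byte filler (binary padding)."""

BLOCK = 4096  # scan granularity; assumed value, tune for your pipeline


def padding_profile(data: bytes, block: int = BLOCK) -> dict:
    """Count filler block by block; a block is filler if it holds one byte value."""
    filler = trailing = 0
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        if chunk.count(chunk[0]) == len(chunk):
            filler += len(chunk)
            trailing += len(chunk)   # still inside the run that ends the file
        else:
            trailing = 0             # real content resets the trailing run
    size = len(data)
    return {
        "size": size,
        "filler_bytes": filler,
        "trailing_filler": trailing,
        "effective_size": size - trailing,  # what remains if the tail is cut
        "filler_ratio": filler / size if size else 0.0,
    }


def is_padded(profile: dict, min_ratio: float = 0.5, min_filler: int = 1 << 20) -> bool:
    """Heuristic (assumed thresholds): mostly filler and at least 1 MiB of it."""
    return profile["filler_ratio"] >= min_ratio and profile["filler_bytes"] >= min_filler


def build_sample(pad_bytes: int) -> bytes:
    """Constructed test input: a fake 'MZ' body followed by zero padding."""
    body = b"MZ" + bytes(range(256)) * 256   # 65,538 bytes of varied content
    return body + b"\x00" * pad_bytes


if __name__ == "__main__":
    for label, pad in (("unpadded", 0), ("padded", 3 * 1024 * 1024)):
        p = padding_profile(build_sample(pad))
        print(f"{label}: size={p['size']} effective={p['effective_size']} "
              f"filler={p['filler_ratio']:.1%} flagged={is_padded(p)}")
```

This check only covers filler made of one repeated byte value; padding built from varied junk data needs a different measure, such as per-section entropy.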

Source: https://securityonline.info/lummastealer-expands-attack-surface-with-fake-booking-sites-and-captcha-tricks/