Fake Reddit sites found pushing Lumma Stealer malware

A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and numbers and symbols, also in glowing red, surround it.
(Image credit: Getty Images)

  • Security researchers discover hundreds of fake Reddit and WeTransfer pages
  • These are used in an elaborate scheme to deploy the Lumma Stealer
  • The pages are well-built and probably distributed via SEO poisoning and malicious landing pages

There are hundreds of fake Reddit and WeTransfer websites out there, all designed to trick people into downloading and running the Lumma Stealer malware, experts have warned.

Cybersecurity researchers from Sekoia have shared a complete list of the pages on GitHub, which includes 59 fake Reddit pages, and 407 fake WeTransfer pages.

The tactic is simple: the fake Reddit page displays a thread in which a person asks for help finding a specific piece of software. One of the responses shares a link to the fake WeTransfer page, where the tool can supposedly be downloaded. Other people in the thread thank the poster for the contribution, and the discussion continues, giving the lure the appearance of an organic exchange.

Targeting forensic analysts

The researchers could not say for certain how victims end up on these pages, but the likely delivery channels are SEO poisoning, malicious landing pages, or direct links sent over instant messaging.

The choice of fake software is also telling. Usually, that is where researchers find clues about who the targets are. If the attackers are faking software development tools, the targets are developers. If they are faking games, crypto wallets, or Discord clients, the targets are retail users in the Web3 space.

In the example shared by Sekoia researchers, the attackers went for OpenText EnCase Forensic, a tool used for acquiring, analyzing, and preserving forensic evidence in law enforcement, government agency, and corporate investigations. This is not software the police, cybersecurity professionals, or enterprises would typically pirate, and it is not something average internet users would need, which suggests the lure is aimed at people doing forensic or security work.

Both the Reddit and WeTransfer pages were designed to look almost identical to the originals. Their URLs contain the brand name followed by random numbers and characters, and they sit on .org and .net top-level domains, which lends them a veneer of legitimacy to anyone who does not check the domain carefully.

However, clicking the download button on the WeTransfer lookalike fetches the Lumma Stealer payload from a separate host, “weighcobbweo[.]top” (domain defanged).
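The domain pattern described above (brand name plus random characters, on a TLD the brand does not use) is simple enough to turn into a triage check. The following is an added example, not code from Sekoia or the original article: it refangs defanged indicators such as “weighcobbweo[.]top”, extracts the hostname from a URL, and flags hosts whose labels start with an impersonated brand but whose registrable domain is not on a small allow-list. The sample links, the allow-list, and the lookalike hostnames are constructed for this example; only weighcobbweo[.]top comes from the article.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Brands impersonated in the campaign described in the article.
BRANDS = ("reddit", "wetransfer")

# Registrable domains that must never be flagged. Constructed allow-list for
# this example; a real deployment would maintain it per brand.
ALLOW = {"reddit.com", "wetransfer.com"}

# Constructed sample links, as they might appear in a forum post or a report.
# Only weighcobbweo[.]top is taken from the article; the rest are invented.
SAMPLE_LINKS = [
    "https://www.reddit.com/r/computerforensics/",
    "https://wetransfer.com/downloads/abc123",
    "hxxps://reddit-7f3k2[.]org/r/softwarehelp/",
    "hxxps://wetransfer91x[.]net/downloads/encase",
    "weighcobbweo[.]top",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator (hxxps://x[.]y) back into a usable form."""
    return ioc.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def hostname(value: str) -> str:
    """Extract a lowercase hostname from a URL or bare hostname, refanging first."""
    value = refang(value.strip())
    if "://" not in value:
        value = "http://" + value  # urlsplit needs a scheme to populate .hostname
    return (urlsplit(value).hostname or "").rstrip(".")


def registrable(host: str) -> str:
    """Naive eTLD+1 (last two labels). Fine for .org/.net/.top; use the
    Public Suffix List for multi-label suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


def lookalike_reason(value: str) -> Optional[str]:
    """Return why a host looks like a brand impersonation, or None.

    Heuristic from the article: a DNS label that begins with the brand name,
    on a registrable domain the brand does not own (extra characters appended,
    or the brand on a .org/.net/.top TLD instead of its real .com).
    """
    host = hostname(value)
    if not host or not re.fullmatch(r"[a-z0-9.-]+", host):
        return None
    dom = registrable(host)
    if dom in ALLOW:
        return None
    tld = dom.rpartition(".")[2]
    for label in host.split("."):
        for brand in BRANDS:
            if label.startswith(brand):
                return f"label '{label}' impersonates {brand} on .{tld} (registrable domain {dom})"
    return None


def scan(links) -> dict:
    """Map each flagged hostname in `links` to the reason it was flagged."""
    flagged = {}
    for link in links:
        reason = lookalike_reason(link)
        if reason:
            flagged[hostname(link)] = reason
    return flagged


if __name__ == "__main__":
    for host, reason in scan(SAMPLE_LINKS).items():
        print(f"{host}: {reason}")
```

Note the limitation this makes visible: the check flags the lure pages, because their hostnames embed a brand, but it says nothing about the payload host. weighcobbweo[.]top contains no brand string and passes the heuristic untouched, so brand-lookalike detection has to be paired with checks on the download itself (the host the download button actually points to, and the file it returns), not used alone.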

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
