The infamous Lumma Stealer malware is back with a new campaign, ready to steal your data. This time, the scammers are using thousands of fake Reddit and WeTransfer web pages that lead straight to the malware—but look incredibly convincing.
Watch Out For These Malware-Infested Fake Reddit Pages
Security analyst @crep1x uncovered the new Lumma Stealer campaign and uploaded a full list of compromised domains to GitHub. At the time of publication, there were more than 500 pages impersonating Reddit and more than 400 masquerading as WeTransfer—all containing download links to the malware.
Victims are served links to the fake Reddit pages using a number of techniques. For example, Google Notebooks hosting a link to the malicious page rank in Google Search and direct the unsuspecting user to a WeTransfer site hosting the Lumma Stealer payload.
Once the malware is installed, it steals data for use on other platforms or sale on dark web forums. However, there is a slight reprieve for some potential victims. Crep1x notes that “requests must come from a system considered a potential victim”; otherwise, you’ll be redirected to a legitimate web page.
But as good as that sounds, it’s not worth relying on as a security method.
Info-Stealer Malware Is Dangerous—and Everywhere
This malware campaign using Lumma Stealer is far from the first to take aim at your private data. Scammers previously used this malware in a fake CAPTCHA scheme. It was also one of the common malware types used in fake ChatGPT apps.
So, while this malware scam uses Reddit and WeTransfer pages as bait, it’s far from unique in its use of Lumma Stealer.