5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs
Briefly

A recent cybersecurity analysis uncovered a major phishing campaign that uses fraudulent CAPTCHA images embedded in PDF files hosted on Webflow's CDN to deploy the Lumma Stealer malware. Netskope Threat Labs identified 260 unique domains and over 5,000 phishing PDFs, affecting more than 7,000 users across various sectors. The attackers use SEO methods to lure victims through misleading search results. Some of the PDFs redirect users to fake verification pages, which ultimately lead to the execution of malicious PowerShell commands that install the stealer. Organizations in North America, Asia, and Southern Europe have been significantly targeted.
While most phishing pages focus on stealing credit card information, some PDF files contain fake CAPTCHAs that trick victims into executing malicious PowerShell commands, ultimately leading to the Lumma Stealer malware.
The attacker uses SEO to trick victims into visiting the pages by clicking on malicious search engine results.
Read at The Hacker News