
Hackers are currently using a dangerous type of malware called Lumma Stealer to target victims by tricking them into clicking on deceptive links in fake Reddit threads. According to Bleeping Computer, these threads promise to solve specific problems, but once you click the link, you’re redirected to a fake WeTransfer website that closely resembles the real one.
Sekoia researcher crep1x discovered nearly 1,000 fake websites involved in spreading this malware. These sites are made to look like either Reddit or WeTransfer and often use random numbers and characters in their URLs. The fake sites typically end with a .org or .net domain, making them look more convincing.
In one common scam, a fake Reddit thread is created where a user asks for help downloading a specific tool. A supposed helper then claims to have uploaded the file to WeTransfer and shares a link, which has a sense of urgency attached—stating that the link will expire in two days. This tactic is designed to pressure the victim into clicking the link.
While crep1x couldn’t pinpoint how the infection typically starts, the links are likely spread through various channels like direct social media messages, malicious websites, or SEO poisoning—where malicious links are injected into popular search results. Ultimately, the attack delivers a Lumma Stealer payload hosted on the domain weighcobbweo[.]top.
What makes Lumma Stealer particularly dangerous is its advanced data theft capabilities. It uses sophisticated methods to evade detection and steal sensitive information. This malware is being spread through various means, including deepfake nude generator websites, GitHub comments, and even malvertising (ads that lead to malicious sites).
To protect yourself, it’s essential to stay cautious about the links you click on. Using reliable antivirus software can also provide an extra layer of protection against such attacks. Always double-check URLs and be wary of any sense of urgency created in suspicious messages or threads.
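The URL check advised above can be automated for proxy or mail-gateway triage. The sketch below is an added example, not code from Sekoia or BleepingComputer: it flags hosts that contain a Reddit or WeTransfer brand name but are not on an allowlist of genuine domains, and notes when they use the .org/.net endings described above. The allowlist, the `classify` function and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: genuine domains for each brand; adjust to your own allowlist.
OFFICIAL = {
    "reddit": ("reddit.com", "redd.it"),
    "wetransfer": ("wetransfer.com", "we.tl"),
}
REPORTED_TLDS = (".org", ".net")  # TLDs the article says the fake sites use


def classify(url):
    """Return (verdict, brand, reported_tld) for one URL.

    verdict is "official", "lookalike" or "unrelated"; reported_tld is True
    when a lookalike host ends in one of REPORTED_TLDS.
    """
    url = url.strip().replace("[.]", ".").replace("hxxp", "http")  # refang
    if "://" not in url:
        url = "//" + url  # make urlsplit treat a bare host as the netloc
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    for brand, domains in OFFICIAL.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return ("official", brand, False)
    # Keep letters only, so digits, dots and hyphens cannot hide the brand.
    # The whole netloc is searched so "reddit.com@other-host" is caught too.
    squashed = re.sub(r"[^a-z]", "", parts.netloc.lower())
    for brand in OFFICIAL:
        if brand in squashed:
            return ("lookalike", brand, host.endswith(REPORTED_TLDS))
    return ("unrelated", None, False)


# Constructed sample URLs (reserved example.* names, not real indicators).
SAMPLES = [
    "https://www.reddit.com/r/sysadmin/comments/abc123/",
    "https://we.tl/t-AbCdEf",
    "hxxps://reddit-41[.]example[.]org/thread/9f3k",
    "wetransfer-7x2.example.net/download",
    "https://reddit.com@files.example.net/",
    "https://example.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```

A substring match like this is a triage heuristic and will flag some legitimate third-party sites that mention a brand, so treat a "lookalike" verdict as a prompt for review rather than a block decision.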