VERY IMPORTANT

Between October 2024 and February 2025, LummaStealer malware was distributed via fake CAPTCHA pages, targeting users who store sensitive information in browsers and cryptocurrency wallets. LummaStealer, available as Malware-as-a-Service, collects data for fraud and unauthorized access. Fake CAPTCHA pages deceive users into executing commands that download evasive files. Infoblox monitored threat actor infrastructure by analyzing DNS traffic, providing early detection of malicious domains an average of 46.8 days before public reports. The use of fake CAPTCHAs in malicious adtech schemes, involving operators and advertisers, was also highlighted. These sophisticated tactics pose significant risks to individuals and organizations.