https://www.techjuice.pk/ncert-warns-of-lumma-stealer-malware-spread-through-fake-captcha-pdfs/

https://www.samaa.tv/2087329922-advisory-issued-for-organisations-to-protect-against-deceptive-pdfs-and-malicious-websites

The National Computer Emergency Response Team (NCERT), The Pakistan government’s national cybersecurity agency issued a large-scale warning concerning the presence of a new phishing campaign that has targeted tech, financial services and manufacturing in North America, Asia and parts of Europe. According to TechJuice, the phishing campaign employs and spreads Lumma Stealer malware via “fake CAPTCHA images embedded in PDF files.” Further to this, according to TechJuice,

“Cybercriminals are leveraging search engine manipulation to distribute malicious PDFs that redirect users to deceptive websites. These sites either capture sensitive financial information or deploy Lumma Stealer malware through PowerShell scripts using MSHTA commands. The PDFs, hosted on platforms such as PDFCOFFEE, PDF4PRO, and Internet Archive, appear legitimate in search results, increasing the risk of users falling victim to the scam.

Lumma Stealer, a Malware-as-a-Service (MaaS) tool, is capable of extracting login credentials, browser cookies, and cryptocurrency wallet information. Additionally, it installs GhostSocks, a proxy malware that exploits victims’ internet connections. Stolen data is reportedly being sold on underground forums like Leaky[.]pro. Malicious domains linked to this campaign include pdf-freefiles[.]com, webflow-docs[.]info, secure-pdfread[.]site, and docsviewing[.]net.”