Sat Jan 25 2025

Alert: Fake Reddit Sites Distributing Dangerous Malware.

Unwary users may fall victim to the dangerous Lumma Stealer malware through a fake Reddit thread that promises to solve an issue.

A group of hackers has begun spreading the Lumma Stealer malware by tricking users into clicking links in a fake Reddit thread that supposedly resolves an issue. Clicking the link redirects the victim to a counterfeit WeTransfer site that mimics the legitimate service's interface. crep1x, a researcher at Sekoia, has identified the sites involved in this activity and shared a complete list of them. There are nearly 1,000 sites in total: 529 impersonate Reddit and 407 pretend to be the official WeTransfer site.

The fraudulent sites use domain names that combine the brand name with random numbers and characters, often ending in .org or .net. The hackers also stage a fake Reddit thread in which the creator asks for help downloading a specific tool. Another user claims to have uploaded the file to WeTransfer and shares the download link, and is even thanked for the assistance. To heighten the sense of urgency, the fake user mentions that the link will expire in a couple of days.
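As an added example (not from the article or from Sekoia's research), the naming pattern described above can be turned into a triage heuristic for proxy or DNS logs. The allowlist of genuine domains, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BRANDS = ("reddit", "wetransfer")
# Assumption: genuine registrable domains to exclude; extend for your environment.
OFFICIAL = {"reddit.com", "redd.it", "wetransfer.com", "we.tl"}
SUSPECT_TLDS = {"org", "net"}  # TLDs the article says the lookalikes often use

def hostname(value):
    """Return the lowercase host of a URL or bare host, or '' if unparsable."""
    value = value.strip().lower()
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").rstrip(".")
    except ValueError:
        return ""

def classify(value):
    """Return the imitated brand if the host matches the article's pattern
    (brand name plus random digits and letters on .org/.net), else None."""
    labels = [l for l in hostname(value).split(".") if l and l != "www"]
    if len(labels) < 2 or ".".join(labels[-2:]) in OFFICIAL:
        return None
    *names, tld = labels
    if tld not in SUSPECT_TLDS:
        return None
    body = "-".join(names)
    for brand in BRANDS:
        if brand in body:
            rest = body.replace(brand, "")
            if re.search(r"\d", rest) and re.search(r"[a-z]", rest):
                return brand
    return None

def scan(lines):
    """Return (host, brand) pairs for suspicious tokens in proxy/DNS log lines."""
    hits = []
    for line in lines:
        for token in line.split():
            brand = classify(token)
            if brand:
                hits.append((hostname(token), brand))
    return hits

# Constructed sample log lines; the hostnames are made up, not from the Sekoia list.
SAMPLE = [
    "2025-01-25T10:02:11Z 10.0.0.12 GET https://reddit-test0001.org/r/help/ 200",
    "2025-01-25T10:02:19Z 10.0.0.12 GET https://wetransfer-demo42x.net/downloads/ 200",
    "2025-01-25T10:03:40Z 10.0.0.31 GET https://www.reddit.com/r/netsec/ 200",
]
```

A match is a lead for review, not a verdict: the heuristic misses lookalikes on other TLDs or without digits, and published indicator lists remain the authoritative source.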

The researcher was unable to provide details about the initial stages of the infection but confirmed that it is spreading. Direct messages on social media, SEO poisoning, malicious websites, and other methods are possible starting points for this activity. The chain ends with a Lumma Stealer payload hosted on "weighcobbweo[.]top." This malware is particularly dangerous due to its advanced data theft and evasion mechanisms. The hackers disseminate it through methods such as deepfake generator sites, comments on GitHub, and malvertising. To stay protected, it is recommended to use a good antivirus and to be cautious about which links you click.