{"id":207511,"date":"2025-03-01T04:14:48","date_gmt":"2025-03-01T10:14:48","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/03\/fake-captcha-pdfs-spread-lumma-stealer-via-webflow-godaddy-and-other-domains"},"modified":"2025-03-01T04:14:48","modified_gmt":"2025-03-01T10:14:48","slug":"fake-captcha-pdfs-spread-lumma-stealer-via-webflow-godaddy-and-other-domains","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/03\/fake-captcha-pdfs-spread-lumma-stealer-via-webflow-godaddy-and-other-domains","title":{"rendered":"Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/fake-captcha-pdfs-spread-lumma-stealer-via-webflow-godaddy-and-other-domains.jpg\"><\/a><\/p>\n<p>Lumma Stealer is a <a href=\"https:\/\/thehackernews.com\/2025\/02\/sticky-werewolf-uses-undocumented.html\" rel=\"noopener\" target=\"_blank\">fully-featured crimeware solution<\/a> that\u2019s offered for sale under the malware-as-a-service (MaaS) model, giving a way for cybercriminals to harvest a wide range of information from compromised Windows hosts. In early 2024, the malware operators announced an integration with a Golang-based proxy malware named GhostSocks.<\/p>\n<p>\u201cThe addition of a SOCKS5 backconnect feature to existing Lumma infections, or any malware for that matter, is highly lucrative for threat actors,\u201d Infrawatch <a href=\"https:\/\/infrawatch.app\/blog\/ghostsocks-lummas-partner-in-proxy\" rel=\"noopener\" target=\"_blank\">said<\/a>.<\/p>\n<p>\u201cBy leveraging victims\u2019 internet connections, attackers can bypass geographic restrictions and IP-based integrity checks, particularly those enforced by financial institutions and other high-value targets. This capability significantly increases the probability of success for unauthorized access attempts using credentials harvested via infostealer logs, further enhancing the post-exploitation value of Lumma infections.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lumma Stealer is a fully-featured crimeware solution that\u2019s offered for sale under the malware-as-a-service (MaaS) model, giving a way for cybercriminals to harvest a wide range of information from compromised Windows hosts. In early 2024, the malware operators announced an integration with a Golang-based proxy malware named GhostSocks. \u201cThe addition of a SOCKS5 backconnect feature [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,45,418],"tags":[],"class_list":["post-207511","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-finance","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/207511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=207511"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/207511\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=207511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=207511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=207511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}