If you ever wanted to play popular hit blockbusters like Black Myth: Wukong without paying a dime, you might want to think again. After all, everything has its price; even if you have to pay it with sensitive personal information. The antivirus company McAfee report revealed that a sophisticated Captcha scam conceals malware designed to steal passwords and other information from unsuspecting gamers. One of said malware hidden behind a fake Captcha in suspicious websites is called Lumma Stealer.
How Does the Malware Concealing Captcha Work? Explained
This Lumma Stealer Captcha malware scam operates by luring gamers to shady websites, promising access to free cracked pirated games. The malicious links are shared not just directly from a website page, but also in online forums, community posts, or public repositories. Fake emails that impersonate Github contributors are used as one of the main methods of spreading the virus as well.
Once there, they are presented with a Captcha challenge, a common security measure to verify that the user is human and not a bot. However, after the “I’m not a robot” button is clicked, a PowerShell script is automatically copied to their clipboard. The visitor is then told to press seemingly innocuous button combinations that’ll end up pasting the script and unknowingly executing the Lumma Stealer malware.
At that point, the Lumma Stealer virus infiltrated the user’s system, stealing any personal information that it came across. Of course, the implications of this Captcha malware scam are far-reaching. Stolen and compromised sensitive information can be used to claim financial assets while its widespread leads to a larger network of infected devices.
According to the McAfee report, the attack has spread “across the globe” with four countries affected most seriously:
- India.
- Indonesia.
- Egypt.
- Spain.
This Lumma Stealer Captcha malware scam incident serves as a reminder of the risks associated with seeking out pirated games. Players have to remember the importance of good cybersecurity practices, such as using legal and reputable download sources and keeping wide eyes open against malware. Just like those claims of “free Robux,” if it seems too good to be true, it probably is– especially in this digital age.
