Pakistan’s National Computer Emergency Response Team (National CERT) has issued a warning about a phishing campaign that uses fake CAPTCHA images in PDF files to spread the Lumma Stealer malware, 24NewsHD TV reported.
The large-scale cyberattack has affected thousands of users in the technology, finance, and manufacturing sectors across North America, Asia, and Southern Europe.
Read More: This City in Punjab Will Get a Metro Bus Project Next
Attackers are manipulating search engine results to distribute malicious PDFs, which lead unsuspecting users to phishing sites that steal financial data or install malware.
According to the advisory, the scam works by embedding deceptive CAPTCHA images in PDFs. When users click on the images, they are redirected to fraudulent websites, where their financial details may be stolen, or their devices infected with malware through PowerShell scripts.
The attackers are hosting these PDFs on platforms like PDFCOFFEE, PDF4PRO, and Internet Archive to appear credible.
Lumma Stealer is a Malware-as-a-Service (MaaS) tool that steals login credentials, browser cookies, and cryptocurrency wallet data. It also deploys GhostSocks, a proxy malware that exploits victims’ internet connections. Stolen credentials are then sold on underground forums.
National CERT has advised organizations to educate employees on phishing risks, deploy advanced security protections, and block malicious domains. The advisory highlights the growing sophistication of cyber threats and stresses the need for stronger cybersecurity measures to prevent data breaches.
