Websites poisoned with Fake Captcha Leading to Lumma Stealer 29 Apr
  • By Mageshwaran B
  • phishing, lummastealer, fakecaptcha, amsi_bypass

Since Q1 2025, we have observed a threat actor injecting Cloudflare-themed fake CAPTCHA pages into legitimate websites, leading to the delivery of Lumma Stealer. The malware author used various obfuscation and encryption methods to evade detection by AV vendors.

Unveiling APT36, Spreading Documents Employs Pahalgam Attack Theme 26 Apr
  • By Gurumoorthi
  • stealer, crimsonRAT, phishing

From 24 April 2025, we observed a Pakistan-aligned threat actor known as TransparentTribe spreading phishing PPT and PDF files themed on the Pahalgam attack. The phishing PDF suggests that the targets may include the Indian Government as well as ordinary victims. Although the infection chain looks simple, the PDF and PPT appear convincing enough to lure the user into clicking the links, and they include an embedded login page that asks for credentials for 'gov.in' and 'nic.in' mail IDs.