A phishing campaign targeting League of Legends World Championship fans in Europe has been discovered, spreading the Lumma Stealer malware [1] [2] [3].
Description
Cybercriminals are using malicious social media ads to direct victims to a fake LoL download page, which leads to a Bitbucket repository containing the malware [1] [2] [3]. Lumma Stealer is known for stealing sensitive information like passwords, credit card details [1], and browser session cookies [1], and it injects itself into a legitimate Windows process (bitlockertogo.exe) to evade antivirus detection [1] [3]. Over 4000 individuals have already been targeted by this campaign, prompting security experts like Bitdefender to advise users to verify URLs, avoid unofficial software sources [3], be cautious with online ads [3], and utilize security software for protection [3]. Bitdefender’s security solutions can detect and block the malicious executable as Trojan.Agent.GMTH [3], offering industry-leading protection against malicious ads [3], phishing websites [1] [3], and malware [1] [3]. Users can also benefit from features like Bitdefender Scamio for on-demand checks of potentially harmful content and enjoy uninterrupted gaming experiences with customizable user profiles and multi-layered ransomware protection.
Conclusion
This phishing campaign poses a significant threat to the security and privacy of League of Legends fans in Europe. It is crucial for users to take proactive measures to protect themselves, such as verifying URLs, avoiding unofficial software sources [3], and utilizing security software like Bitdefender. By staying vigilant and following best practices for online security, users can mitigate the risks associated with phishing attacks and malware infections.
References
[1] https://www.szechuanpalace.ca/readnews/89708/
[2] https://www.infosecurity-magazine.com/news/malicious-ads-infostealer-league/
[3] https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
