![\"Windows](\"https:\/\/wp.timesamerica.net\/wp-content\/uploads\/2024\/10\/windows-users-are-being-tricked-by-sneaky-malware-scheme.jpg\")
<\/picture><\/div>\nA woman working on her Windows laptop<\/span> (Kurt “CyberGuy” Knutsson)<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n Cloudsek researchers found<\/u><\/span> more details on a new, clever way hackers are spreading the Lumma Stealer malware. They\u2019re targeting Windows users with fake human verification pages. Palo Alto Networks\u2019 Unit 42 first reported these fake pages, pointing out how they\u2019re being used to spread malware.<\/p>\n “These pages have a button that, when clicked, shows instructions for victims to paste PowerShell script into a Run window. This copy\/paste PowerShell script retrieves and runs a Windows EXE for Lumma Stealer malware,” Unit 42 threat hunter Paul Michaud II explained.<\/p>\n The latest investigation by Cloudsek uncovers more active malicious sites spreading the Lumma Stealer. Researchers explained that when you click the “I\u2019m not a robot” button on the fake verification page, a PowerShell script is copied to your clipboard. If you paste this command into the Run dialog box, it triggers PowerShell in a hidden window and runs a Base64-encoded command. <\/p>\n This command retrieves more instructions from a text file on a remote server, which then downloads the Lumma Stealer malware. If the downloaded file, named “dengo.zip,” is unzipped and run on a Windows computer, the Lumma Stealer becomes active, connecting to attacker-controlled domains. The researchers also mentioned that the malware delivered through this page can be easily switched out for other malicious files.<\/p>\n Malicious site spreading the Lumma Stealer (PAN Unit 42)<\/span> (Kurt “CyberGuy” Knutsson)<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n CYBERSCAMMERS USE AI TO MANIPULATE GOOGLE SEARCH RESULTS<\/u><\/strong><\/span><\/p>\n Make sure your Windows system, browsers and antivirus software are regularly updated to protect against known vulnerabilities. Software updates often include patches for security vulnerabilities that hackers exploit. By keeping your operating system, browsers and apps up to date, you’re closing these gaps and making it harder for malware to get in. To update your Windows software and benefit from the latest security patches, follow these simple steps:<\/p>\n Windows laptop on a table<\/span> (Kurt “CyberGuy” Knutsson)<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n DON\u2019T LET SNOOPS NEARBY LISTEN TO YOUR VOICEMAIL WITH THIS QUICK TIP<\/u><\/strong><\/span><\/p>\n 1) Use strong antivirus software<\/strong>: A good antivirus software can help detect and block threats like Lumma Stealer before they can cause damage. Avoid clicking on suspicious or unfamiliar links, especially from emails or websites asking for human verification. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices<\/u><\/span>.<\/p>\n 2) Check CAPTCHA pages<\/strong>: Legitimate Google CAPTCHA pages won\u2019t ask you to download files or paste commands. If something feels off, exit the page.<\/p>\n 3) Avoid running unexpected commands<\/strong>: Never paste or run commands (like PowerShell scripts) you don\u2019t understand or that were copied from random websites. Attackers often trick users into unknowingly running malware this way.<\/p>\n 4) Keep your software updated:<\/strong> Regularly update your operating system<\/u><\/span>, browsers and all software applications. Updates often include patches for security vulnerabilities that malware can exploit.<\/p>\n 5) Use two-factor authentication (2FA):<\/strong> Enable 2FA<\/u><\/span> on all your accounts. This adds an extra layer of security by requiring a second form of verification, making it harder for attackers to gain access even if they have your password.<\/p>\n WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI<\/u><\/strong><\/span><\/p>\n Lumma Stealer shows just how sneaky cyberattacks are getting, especially with fake verification pages tricking Windows users. Hackers are getting creative, using fake CAPTCHA buttons to sneak PowerShell commands onto your system and run malware that can steal your data. The best way to stay safe is by being cautious with sketchy websites, not running random commands, keeping your antivirus up to date and making sure your system is patched.<\/p>\nWhat you need to know<\/strong><\/h2>\n
![\"Windows](\"https:\/\/wp.timesamerica.net\/wp-content\/uploads\/2024\/10\/windows-users-are-being-tricked-by-sneaky-malware-scheme-1.jpg\")
<\/picture><\/div>\nUpdating your PC is the best course of action<\/strong><\/h2>\n
For Windows 10 and Windows 11<\/strong><\/h3>\n
\n
For Windows 8.1 and Earlier Versions<\/strong><\/h3>\n
\n
![\"Windows](\"https:\/\/wp.timesamerica.net\/wp-content\/uploads\/2024\/10\/windows-users-are-being-tricked-by-sneaky-malware-scheme-2.jpg\")
<\/picture><\/div>\n5 more ways to protect yourself from Lumma malware<\/strong><\/h2>\n
Kurt\u2019s key takeaway<\/strong><\/h2>\n