Deceptive Cracked Software Spreads Lumma Variant on YouTube

FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. We found and reported on a similar attack method via YouTube in March 2023.

These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs, often shortened using services like TinyURL and Cuttly. To circumvent straightforward web filter blacklists, the attackers exploit open-source platforms like GitHub and MediaFire instead of deploying their own malicious servers.

Source: Fortinet