Two compromised legitimate sites found so far on URLScan (2 more on VT), containing injected obfuscated code inside a JS file.
urlscan.io/result/84e74...
urlscan.io/result/0b78b...
The command added to the clipboard takes victims to
hxxp://91.206.178.120:5001/get_txt
Then to the LummaC2 payload.
13.02.2025 19:33
🚨 Are you tired of seeing attackers using ClickFix and FakeCAPTCHA every single day? Are you wishing there was something else to look at? 🚨
‼️ The wait is over! Please, allow me to introduce you to "Suspicious IP", the new technique used to distribute... LummaC2. ‼️
🙄
#ClickFix #FakeCAPTCHA #LummaC2
13.02.2025 19:33
Join the Modat.io Waitlist: Free 30-Day Professional Cybersecurity Access
Stop searching, start finding! Join the waitlist for Modat.io and access unparalleled contextual insights. Get 30 days FREE (€60 value)!
🚀 Something Big Is Coming - Waitlist Now Open for our premier product, Modat Magnify.
Modat Magnify is a faster, smarter, easier way for cybersecurity professionals to stop searching and start finding.
Sign up now waitlist2025.modat.io/join-the-wai... and be the 1st to experience Modat Magnify.
04.02.2025 12:12