OnlyFans Creators Targeted by Cybercriminals
In a recent cybersecurity development, OnlyFans, a platform predominantly used by adult content creators, has become an attractive target for cybercriminals. These cyber actors exploit the platform by leveraging tools that purportedly check the validity of stolen usernames and passwords, later selling or using them maliciously.
Cybercriminals Tricked by Their Own Tools
While attempting to exploit OnlyFans content creators and subscribers, some cybercriminals found themselves the victims. According to Veriti Research, hackers developed a tool designed to verify stolen credentials from OnlyFans accounts. This tool, named "brtjgjsefd.exe," turned out to be a trap, fooling the hackers by deploying Lumma malware. Once activated, this malware, sourced from a GitHub repository, infected the perpetrators’ own systems.
Understanding the Lumma Malware
Lumma, recognized for advanced evasion capabilities, has been available for rent since 2022, with prices ranging from $250 to $1,000 monthly. It can infiltrate systems through various means such as malvertising, comments on YouTube, and torrents. Once installed, it steals sensitive information including credit card details, passwords, cryptocurrency wallets, and two-factor authentication codes. Furthermore, Lumma can download additional malicious payloads and execute PowerShell scripts on compromised machines.
Broad Impact on Cybersecurity Landscape
This incident not only highlights the vulnerabilities associated with digital platforms like OnlyFans but also illustrates the complexity of cybersecurity threats, as cybercriminals increasingly target one another. The misuse of digital tools and platforms underscores the need for robust cybersecurity measures to protect both creators and users alike.
Veriti Research's Role in Revealing Cyber Threats
Veriti Research has played a crucial role by shedding light on such deceptive tactics and malware operations within the cybercriminal community. Their findings about the internal battles among hackers underscore an ongoing saga of intrigue and sophistication in digital crime strategies, with crucial implications for internet safety and security.
