Fake Booking Websites Deliver LummaStealer Malware - Beware!

Hackers have launched a new attack using fake hotel and travel booking websites to spread LummaStealer malware. Disguised as legitimate booking confirmation pages, these fraudulent sites trick users into running harmful commands that compromise their personal and financial information.
- Fake Booking Websites – Cybercriminals create phishing sites that look like real travel booking pages.
- Deceptive CAPTCHA Verification – Instead of a real CAPTCHA, users are told to run a command in Windows, which starts the malware infection.
- Targeted Travel Locations – Initially, the scam focused on Palawan, Philippines, but later expanded to Munich, Germany, showing a global attack pattern.
- PowerShell-Based Malware Installation – The malware uses a PowerShell command to bypass security measures and infect systems.
- LummaStealer Malware – Once installed, this malware steals passwords, banking details, and other sensitive information.
- Advanced Evasion Techniques – Attackers use Binary Padding (increasing file size) and Obfuscation (hiding malware in encrypted scripts) to avoid detection.
Hackers are constantly evolving their tactics, and fake booking websites have become a new weapon for spreading malware. The LummaStealer campaign highlights the risks of online travel scams and the importance of cybersecurity awareness.
Stay cautious, verify websites, and never execute unknown commands to keep your data safe!
Comment(s)
Categories
- Other (42)
- Ransomware (148)
- Events and News (27)
- Features (45)
- Security (470)
- Tips (79)
- Google (23)
- Achievements (11)
- Products (34)
- Activation (7)
- Dealers (1)
- Bank Phishing (45)
- Malware Alerts (218)
- Cyber Attack (263)
- Data Backup (11)
- Data Breach (101)
- Phishing (157)
- Securty Tips (1)
- Browser Hijack (18)
- Adware (15)
- Email And Password (69)
- Android Security (71)
- Knoweldgebase (38)
- Botnet (15)
- Updates (3)
- Alert (71)
- Hacking (57)
- Social Media (8)
- vulnerability (57)
- Hacker (31)
- Spyware (9)
- Windows (6)
- Microsoft (21)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (5)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (5)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (7)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (9)
- IoT Security (1)
- Deals and Offers (2)
- Cloud Security (11)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (2)
- WhatsApp (5)
- Amazon (2)
- DMart (1)
- Payment Risk (4)
- Occasion (3)
- firewall (2)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (12)
- Impersonation phishing (1)
- DDoS (6)
- Smishing (2)
- Whale (0)
- Whale phishing (4)
- WINRAR (2)
- ZIP (2)
Recent Posts
Archive
Tags
cyber attack
phishing
phishing attacks
data breach
cyber threats
ransomware
phishing attack
ransomeware
malware
android malware
data theft
phishingattack
financial security
cyber security
cyberthreats
data stealing
cybercrime
network security
phishing scam
ddos attack
twitter
data security
critical vulnerability
trojan
cyber fraud
data protection
financial fraud
phishing email
microsoft
lockbit
cybercriminals
cert-in
cyber crime
ddos
credential theft
net protector total security
india
cyber threat
winrar
server security
cryptojacking
email phishing
malicious apps
clop
android apps
play store
pakistan-backed hacker
ransomware attacks
databreach
credit card theft