Pakistani Hackers Infect 1.88 Million Devices with Malware via Pirated Software

A Pakistan-based cybercrime network has been linked to a major malware delivery operation, according to a report by cybersecurity firm CloudSEK. This family-run syndicate, operating from Bahawalpur and Faisalabad, exploited the demand for pirated software to distribute credential-stealing malware globally.


Operation Details

The group utilized search engine optimization (SEO) poisoning, forum spam, and paid ads to promote cracked versions of popular software like Adobe After Effects and Internet Download Manager through malicious WordPress sites. These sites concealed malware such as Lumma Stealer and Meta Stealer within password-protected archives.


The operation involved 5,239 affiliates and nearly 3,900 distribution sites, generating 449 million clicks and over 1.88 million installs. CloudSEK estimates the network's revenue at $4.67 million, likely underreported due to untracked transactions. Affiliates were paid primarily through Payoneer and Bitcoin, with top earners receiving nearly half of all payouts.