Security researchers have discovered a new phishing campaign that capitalizes on excitement around the start of the League of Legends (LoL) World Championship this week to spread info-stealing malware.
Bitdefender explained in a blog post that it has spotted malicious social media ads promoting a free download of League of Legends, a popular PC-only game that is in fact already free of charge.
Clicking on the ad takes victims to a lookalike LoL download page whose typosquatted domain mimics that of the legitimate site.
“Once the user clicks the download link, they are directed to a Bitbucket repository that contains a malicious archive,” Bitdefender explained.
“The downloaded archive contains an executable along with a legitimate Windows file, user32.dll. The executable acts as a dropper for the Lumma Stealer, a dangerous piece of malware known for its extensive ability to harvest data from infected devices.”
Lumma Stealer is a popular infostealer malware variant designed to harvest passwords, card details, cryptocurrency wallets and browser session cookies, among other things.
This information can either be sold on the dark web or used directly by the threat actor for identity fraud and follow-on phishing attacks. In some cases, the threat actor may also be able to hijack the victim’s social media accounts and use them to further scams, phishing and other campaigns.
“What makes Lumma particularly dangerous is its stealthy approach,” Bitdefender warned. “Once deployed, it injects itself into a legitimate Windows process, bitlockertogo.exe, to remain undetected by basic antivirus software.”
The LoL World Championship began on September 25 and runs to November 2, with games played in London, Paris and Berlin. So far, the campaign has already targeted over 4000 individuals, Bitdefender said.
The security vendor advised users to:
- Always check URLs before clicking on links, especially if they’re in social media ads
- Avoid downloading software from unofficial sources
- Be skeptical of online ads
- Use reliable anti-malware tools to block malicious files and phishing
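
For defenders, the injection into bitlockertogo.exe that Bitdefender describes suggests a simple hunt over process-creation telemetry. The following is an added example, not code from Bitdefender or the article: the events are constructed, the field names follow the Sysmon `Image`/`ParentImage` convention, and it assumes the dropper starts the target process itself (the article does not say how the injection is done).

```python
import ntpath

# Constructed sample events, loosely shaped like Sysmon process-creation
# records (Image / ParentImage fields); not taken from the campaign.
SAMPLE_EVENTS = [
    {"host": "pc-01", "Image": r"C:\Windows\System32\BitLockerToGo.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"host": "pc-02", "Image": r"C:\Windows\System32\BitLockerToGo.exe",
     "ParentImage": r"C:\Users\sam\Downloads\lol_setup\installer.exe"},
    {"host": "pc-03", "Image": r"C:\Users\kim\AppData\Local\Temp\bitlockertogo.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"host": "pc-04", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Users\sam\Downloads\tool.exe"},
]

TARGET = "bitlockertogo.exe"
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Assumption: directories a downloaded dropper would typically run from.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\desktop\\")


def _norm(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return ntpath.normpath(path).lower()


def review_event(event):
    """Return the reasons an event looks suspicious (empty list if none)."""
    image, parent = _norm(event["Image"]), _norm(event["ParentImage"])
    if ntpath.basename(image) != TARGET:
        return []
    reasons = []
    if ntpath.dirname(image) not in SYSTEM_DIRS:
        reasons.append("bitlockertogo.exe running outside a system directory")
    if any(marker in parent for marker in USER_WRITABLE_MARKERS):
        reasons.append("started by a parent in a user-writable path")
    return reasons


def triage(events):
    """Map host -> reasons for every event that raised at least one flag."""
    return {e["host"]: r for e in events if (r := review_event(e))}


if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS).items():
        print(host, "->", "; ".join(reasons))
```

A hit is a lead for investigation rather than proof of infection, and injection into an already-running process would not appear in process-creation records at all.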