In a recently observed campaign, attackers have devised a strategy that exploits trust in financial transactions through weaponized invoices. The tactic embeds malware or malicious links in seemingly authentic payment requests, counting on recipients to open the invoice without suspicion. A single click can lead to data theft, financial fraud, and unauthorized access to sensitive information.
The threat was identified and analyzed by cybersecurity researchers at Perception Point, who traced it to the LUMMA InfoStealer. The attackers, posing as a financial services company, lure targets with fabricated invoice emails that prompt the recipient to click a “View & Download Invoice” link. The first click appears to fail, landing on a page that reports the website as unavailable, which only adds to the impression of a legitimate but flaky billing portal; the button nevertheless carries a valid link, and the click sets off a redirect. Because the malicious payload sits behind error pages and innocent-looking URLs, security scans do not flag the chain, and the final redirect delivers a URL that automatically downloads the malicious file. To stage that redirect, the attackers exploited vulnerabilities in a legitimate website and breached it, exposing users to the LUMMA InfoStealer.
The attack chain adds further layers by launching several processes, including ‘1741[.]exe,’ ‘RegSvcs[.]exe,’ and ‘wmpnscfg[.]exe,’ from unusual folders. The point for defenders is that RegSvcs.exe (the .NET Services Installation Tool) and wmpnscfg.exe (the Windows Media Player network sharing configuration tool) are legitimate Microsoft binaries, so the suspicious signal is the directory they run from, not the file name. The incident underscores the need for advanced prevention measures, continuous monitoring, and a multi-layered approach to confronting and mitigating the evolving threats posed by cyber attackers in today’s digital landscape.