
OnlyFun (Dropper) – Malware

February 25, 2025

OnlyFun

Type of Malware

Dropper

Date of Initial Activity

2024

Motivation

Data Theft

Attack Vectors

Phishing

Type of Information Stolen

Login Credentials

Targeted Systems

Windows

Overview

In the ever-evolving world of cybercrime, the lines between predator and prey are often blurred. A recent investigation by Veriti Research sheds light on a chilling twist in the hacker ecosystem, where a campaign targeting OnlyFans users has turned the tables, exposing how cybercriminals can unknowingly fall victim to their own malicious tools. The campaign, cleverly named OnlyFun, has ensnared a number of would-be hackers, who were tricked into infecting themselves with malware while attempting to exploit stolen OnlyFans credentials. The scheme, which began on a popular hacking forum, saw a user named “Bilalkhanicom” offering a seemingly innocuous tool designed to “check” the validity of stolen OnlyFans accounts. In the eyes of many cybercriminals, this tool was a golden opportunity to make a quick profit by verifying the worth of hacked accounts. However, unbeknownst to these hackers, the tool was actually a sophisticated delivery mechanism for malware, which ultimately infected both innocent users and aspiring cybercriminals.

Targets

Individuals

How they operate

The OnlyFun malware campaign, which has ensnared both unsuspecting victims and cybercriminals alike, hinges on a sophisticated piece of malware known as Lummac Stealer. Initially presented as a tool for verifying the validity of stolen OnlyFans accounts, the malware cleverly camouflages its true intent, offering an easy entry point for cybercriminals looking to exploit compromised credentials. However, once activated, Lummac Stealer reveals its true nature: an insidious and highly capable threat that operates on multiple levels, collecting sensitive data and propagating itself to unsuspecting users.

Lummac Stealer, first seen in August 2022, is an advanced form of malware that employs an efficient and hard-to-detect coding framework. Written in the C programming language, the malware is designed to be both lightweight and stealthy, making it a formidable adversary for cybersecurity professionals. Unlike many simpler strains of malware, Lummac operates with a high degree of technical sophistication, incorporating various methods to evade detection and ensure the successful exfiltration of stolen data. Its ability to target sensitive information across multiple systems, including cryptocurrency wallets and two-factor authentication (2FA) extensions, sets it apart as a significant threat in the cybercrime ecosystem.

Once the malware is executed, it connects to a Command and Control (C2) server disguised with the user agent “TeslaBrowser/5.5,” ensuring that the communication between the infected machine and the attacker’s server goes unnoticed. Lummac Stealer is capable of exfiltrating a wide array of information, ranging from login credentials and financial data to sensitive system configurations. Additionally, it is equipped with advanced loader capabilities, allowing it to deploy additional malicious payloads, including executable files (EXE), dynamic-link libraries (DLL), and PowerShell scripts. This versatility ensures that Lummac Stealer can evolve in response to cybersecurity measures, adapting its methods to continue its exploitation of vulnerable systems.

One of the most concerning aspects of Lummac Stealer’s operation is its ability to embed itself deeply within a victim’s system. It does so by exploiting various vulnerabilities and creating exclusions that make it difficult to detect and remove. Once embedded, it can function undisturbed for extended periods, allowing cybercriminals to siphon off valuable data over time. The malware also utilizes sophisticated techniques to avoid detection by traditional security software, further enhancing its stealth. This combination of technical sophistication and operational versatility makes Lummac Stealer a formidable weapon in the arsenal of cybercriminals, while also highlighting the dangers inherent in using seemingly innocuous tools in the cybercrime world.

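
An added detection example, not code from the article or from Veriti Research: it scans web-proxy logs for the “TeslaBrowser/5.5” user agent reported above and, for each client that sent it, lists downloads of the payload types the loader is said to deploy (EXE, DLL, PowerShell) from the first beacon onward, whatever user agent fetched them. The log layout, hostnames, addresses and timestamps are constructed assumptions.

```python
import re
from collections import defaultdict

# User agent the page reports for Lummac Stealer C2 traffic.
C2_USER_AGENT = "TeslaBrowser/5.5"
# Payload types the page says the loader can deploy (EXE, DLL, PowerShell scripts).
PAYLOAD_EXT = (".exe", ".dll", ".ps1")

# Assumed proxy-log layout (hypothetical): <ISO time> <client> <method> <url> "<user agent>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)"$'
)

# Constructed sample log; hosts, URLs and times are made up for illustration.
SAMPLE_LOG = """\
2025-02-20T09:14:02Z 10.0.4.17 GET https://intranet.example/home "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2025-02-20T09:15:40Z 10.0.4.23 POST https://c2.example.invalid/api "TeslaBrowser/5.5"
2025-02-20T09:15:58Z 10.0.4.23 GET https://cdn.example.invalid/update.DLL?id=7 "TeslaBrowser/5.5"
2025-02-20T09:16:05Z 10.0.4.17 GET https://vendor.example/setup.exe "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2025-02-20T09:17:11Z 10.0.4.23 GET https://cdn.example.invalid/stage.ps1 "curl/8.4.0"
malformed line without fields
2025-02-20T09:20:00Z 10.0.4.31 GET https://news.example/ "teslabrowser/5.5"
"""

def is_payload(url):
    """True if the URL path (query and fragment stripped) ends in a payload extension."""
    path = url.split("?", 1)[0].split("#", 1)[0]
    return path.lower().endswith(PAYLOAD_EXT)

def triage(log_text):
    """Map each client that sent the C2 user agent to its beacon times and payload fetches."""
    rows = [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]
    hosts = defaultdict(lambda: {"beacons": [], "payloads": []})
    # Pass 1: any request with the reported user agent (case-insensitive) marks the client.
    for r in rows:
        if r["ua"].strip().lower() == C2_USER_AGENT.lower():
            hosts[r["src"]]["beacons"].append(r["ts"])
    # Pass 2: for marked clients, collect payload-type downloads from the first beacon on,
    # regardless of user agent, since a dropped stage may fetch with a different client.
    for r in rows:
        h = hosts.get(r["src"])
        if h and is_payload(r["url"]) and r["ts"] >= min(h["beacons"]):
            h["payloads"].append(r["url"])
    return dict(hosts)

if __name__ == "__main__":
    for client, hit in triage(SAMPLE_LOG).items():
        print(client, hit)
```

A user-agent match is a weak indicator on its own because the string is trivially changed; treat a hit as a lead for host-level investigation rather than a verdict.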
References
  • EXPOSED: OnlyFans Hack Gone Wrong – How Cyber Criminals Turn into Victims Overnight
  • Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords