Sean Whalen 👨🏼‍🦼🏳️‍🌈🇺🇦🕊️<p>In this post I take a deep dive into a fake CAPTCHA on a compromised website, and the multistage fileless loader that delivered the Lumma Stealer malware if visitors followed its instructions.</p><p><a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/reCAPTCHA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reCAPTCHA</span></a> <a href="https://infosec.exchange/tags/WordPress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WordPress</span></a> <a href="https://infosec.exchange/tags/PowerShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PowerShell</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/Emmenhtal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Emmenhtal</span></a> <a href="https://infosec.exchange/tags/Infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infostealer</span></a> <a href="https://infosec.exchange/tags/LummaStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LummaStealer</span></a></p><p><a href="https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">seanthegeek.net/posts/compromi</span><span class="invisible">zed-store-spread-lumma-stealer-using-fake-captcha/</span></a></p>