Summary:
-
Novel Phishing Method
GitHub users received phishing emails claiming to report security vulnerabilities, leading them to a malicious site. -
Deceptive CAPTCHA
The email prompts users to pass a fake CAPTCHA that instructs them to run harmful PowerShell commands, ultimately downloading malware. -
Credential Stealer
The malicious software, known as Lumma Stealer, targets and captures stored credentials from the victim’s PC.
Read more at: Krebs on Security
!