By Tech Desk ⏐ 9 months ago ⏐ Newspaper Icon Newspaper Icon 2 min read
Ncert Warns Of Lumma Stealer Malware Spread Through Fake Captcha Pdfs

ISLAMABAD: The National Computer Emergency Response Team (NCERT) has issued a warning about a new phishing campaign spreading Lumma Stealer malware through fake CAPTCHA images embedded in PDF files. This large-scale attack has targeted thousands of users across the technology, financial services, and manufacturing sectors, particularly in North America, Asia, and Southern Europe.

Cybercriminals are leveraging search engine manipulation to distribute malicious PDFs that redirect users to deceptive websites. These sites either capture sensitive financial information or deploy Lumma Stealer malware through PowerShell scripts using MSHTA commands. The PDFs, hosted on platforms such as PDFCOFFEE, PDF4PRO, and Internet Archive, appear legitimate in search results, increasing the risk of users falling victim to the scam.

Lumma Stealer, a Malware-as-a-Service (MaaS) tool, is capable of extracting login credentials, browser cookies, and cryptocurrency wallet information. Additionally, it installs GhostSocks, a proxy malware that exploits victims’ internet connections. Stolen data is reportedly being sold on underground forums like Leaky[.]pro. Malicious domains linked to this campaign include pdf-freefiles[.]com, webflow-docs[.]info, secure-pdfread[.]site, and docsviewing[.]net.

In response, NCERT has advised organizations to implement strict cybersecurity measures. Recommendations include educating employees about phishing risks, deploying advanced endpoint protection, blocking malicious domains, and enforcing multi-factor authentication (MFA). Restricting PowerShell and MSHTA execution and monitoring search engine results for fraudulent domains are also crucial steps to mitigate the spread of Lumma Stealer malware.

The advisory emphasizes the increasing sophistication of cyber threats and urges organizations to adopt a proactive approach to cybersecurity. Key practices include regular software updates, limiting administrative privileges, and utilizing application whitelisting. As cybercriminals continue to enhance their tactics, staying vigilant and strengthening security protocols is essential to prevent significant data breaches.

Tech Desk

Sharing clear, practical insights on tech, lifestyle, and business. Always curious and eager to connect with readers.

Latest News

Air Punjab
Bangladesh Set to Resume Direct Flights to Pakistan After Years
PTA
PTA Announces Temporary DIRBS Suspension: Mobile Registration Service to Pause During Dec 6–7
Saudi Arabia Extends 3 Billion Deposit With Pakistan Support To National Forex Reserves
Saudi Arabia Extends $3 Billion Deposit with Pakistan, Support to National Forex Reserves
Nepra Slashes K Electric Tariffs And Tightens Loss Targets
NEPRA Interim Tariff Review: Exporters Warn Rs55/kWh Risk
CDA
CDA Seals Housing Society Over Excess File Sales in Islamabad
Google Year In Search 2025 Gemini Ai Dominate Global Trends
Google Year in Search 2025: Gemini & AI Dominate Global Trends
Pakistan Introduces Stricter Regulations For Used Car Imports
Pakistan Introduces Stricter Regulations For Used Car Imports
Airsial Passengers Left Behind At Islamabad Airport
AirSial Launches Direct Flights from Lahore & Islamabad to Abu Dhabi
Who Are The Two Pakistanis Named In Forbes 30 Under 30 Asia 2026 List And Why
Who Are The Two Pakistanis Named in Forbes 30 Under 30 Asia 2026 List, And Why?
Battlefield 6 Overhauls Rush Breakthrough In Major Winter Update
Battlefield 6 Overhauls Rush & Breakthrough in Major Winter Update
Punjab Epa Cracks Down On Smoke Emitting Vehicles In Anti Smog Campaign
Punjab EPA Cracks Down on Smoke-Emitting Vehicles in Anti-Smog Campaign
Telenor Asia Welcomes Ccp Approval Of Ptcl Telenor Merger Awaits Pta Nod
PTA Imposes Stringent Safeguards as PTCL Gets Conditional Approval to Acquire Telenor Pakistan
Pakistan’s services exports surge 16% to $3.03bn; imports increase 12% in July–October