Don't fall for these Reddit scams that are waiting to install malware on your computer!

The infamous Lumma Stealer malware is back with a new campaign ready to steal your data. This time, the scammers are using thousands of fake Reddit and WeTransfer websites that lead straight to the malware—but look incredibly convincing.

Beware of these malware-infected fake Reddit pages!

Security analyst @crep1x discovered the new Lumma Stealer campaign and uploaded a full list of compromised domains to GitHub. At the time of publication, there were over 500 pages impersonating Reddit and over 400 pages masquerading as WeTransfer — all of which contained malware download links.

Don't fall for these Reddit scams that are waiting to install malware on your computer! Picture 1

Victims are served links to fake Reddit pages using a number of techniques. For example, Google Notebooks hosts links to malicious page rankings in Google Search, which direct unsuspecting users to a WeTransfer page hosting the Lumma Stealer payload.

Don't fall for these Reddit scams that are waiting to install malware on your computer! Picture 2

Once the malware is installed, it steals data for use on other platforms or for sale on dark web forums. However, there is some leniency for some potential victims. Crep1x notes that 'the request must come from a system that is considered a potential victim'; otherwise, you'll be redirected to a legitimate site.

It sounds good, but it's not worth relying on as a security method.

Information-stealing malware is dangerous and ubiquitous.

This malware campaign using Lumma Stealer is not the first to target your private data. Scammers have previously used this malware in a fake CAPTCHA program. It is also one of the common types of malware used in fake ChatGPT apps.

So while this malware scam uses Reddit and WeTransfer pages as bait, it's not unique in its use of Lumma Stealer.

Isabella Humphrey

Update 26 January 2025