League of Legends Fans Targeted: Beware the Lumma Stealer Lurking in Fake Ads!

League of Legends
Image: Bitdefender Labs

As the League of Legends (LoL) World Championship captivates fans worldwide, cybercriminals are seizing the opportunity to distribute malicious software. Bitdefender Labs has uncovered a sophisticated campaign targeting LoL enthusiasts across Europe through deceptive advertisements on social media platforms.

Scammers are posting ads that appear to offer downloads of LoL, but instead, users are tricked into downloading the dangerous Lumma Stealer malware. This campaign is particularly insidious because it masquerades as an official promotional post, luring fans eager to participate in championship events.

The Deceptive Download

Clicking on the fraudulent advertisement directs users to a counterfeit download page designed to closely mimic the official LoL website. The attackers employ a technique known as “typosquatting,” making minor alterations to the domain name to make the site appear legitimate. When users click the download button, they are redirected to a Bitbucket repository containing a malicious archive.

The downloaded archive includes an executable file along with a legitimate Windows file named “user32.dll.” The executable acts as a loader, installing the Lumma Stealer malware onto the user’s device. Lumma Stealer operates as a Malware-as-a-Service (MaaS) in underground communities, making it accessible to a wide range of cybercriminals.

A Stealthy Threat

One of the most dangerous aspects of Lumma Stealer is its ability to integrate into a legitimate Windows process called “bitlockertogo.exe,” allowing it to evade detection by standard antivirus software. Once installed, the malware harvests sensitive information from the infected device, including:

  • Passwords
  • Credit card details
  • Cryptocurrency wallets
  • Browser cookies

Widespread Impact

This malicious campaign has already affected over 4,000 individuals, primarily male fans of League of Legends. With access to such sensitive data, scammers can hijack victims’ social media accounts to further propagate malware and scams. The stolen information is also sold on dark web marketplaces, where it can be used for identity theft and phishing attacks.

Protecting Yourself: Bitdefender’s Recommendations

Bitdefender experts emphasize the importance of following key cybersecurity practices to protect against such threats:

  • Verify URLs: Always check that the domain name is spelled correctly before clicking on any advertisement links.
  • Download Software Only from Official Sources: Obtain games and applications directly from official websites or reputable platforms like Steam.
  • Be Cautious with Ads: Cybercriminals often use enticing advertisements to lure users to malicious websites.
  • Use Antivirus Software: Reliable security programs can help detect and block dangerous files and phishing attacks.

Related Posts: