A funny phishing targeting GitHub users with an email notification about a security issue on a existing repository.
Then the captcha verification on a malicious website is trying to trick the user to run a shell command on Windows.
🔗 Powershell to be executed by the user
https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473
🔗 File downloaded https://pandora.circl.lu/analysis/21e8f693-361b-4a04-853c-276f9dd841e4/seed-1XqUr4mADaFYlLAyrBH8oQUBgOoEbceZ586b8h05YyA - Lumma Stealer
🔗 Malicious domain analysis. https://lookyloo.circl.lu/tree/91106035-dfec-4acc-af06-c9fc36c62774
#malware #malwareanalysis #infosec