Hundreds of Fake Reddit Sites Created by Hackers to Spread Information-Stealing Malware
Hundreds of fake Reddit websites have been created by hackers to spread malware designed to steal personal information.
Reddit: A Hotbed for Cybercriminals
Reddit has evolved from a simple social news aggregation site and forum to a major internet hub, so much so that Google often directs users to it when traditional web searches fall short. Even if you don’t actively use Reddit, chances are you’ve landed on the site while seeking solutions to more complex or niche issues. Unsurprisingly, this popularity has caught the eye of cybercriminals who are leveraging it in their latest schemes.
Fake Web Pages Spreading Malware
According to BleepingComputer, hackers have crafted nearly 1,000 counterfeit web pages mimicking Reddit to deceive unsuspecting users into downloading malware that steals information from their devices. These fake pages mimic a typical Reddit thread, starting with a question about a specific tool followed by responses from fake users offering a download link and thanking each other, which builds trust and misleads victims into believing the download link is safe—far from the truth.
The WeTransfer Trap and Lumma Stealer Malware
The malicious download link redirects to another fraudulent site that impersonates the popular file-sharing service WeTransfer, looking identical to the real thing. However, clicking the download button results in the installation of Lumma Stealer malware instead of the intended tool or program.
First identified in 2022, Lumma Stealer is designed to pilfer credentials such as usernames and passwords, along with other sensitive data on an infected PC. It has grown in prevalence due to its availability as Malware-as-a-Service; for as little as $250 a month, other hackers can deploy Lumma Stealer in their operations. With more expensive plans, they gain access to its source code and can modify it to tailor their attacks.
Once installed, Lumma Stealer can use your stolen passwords to hijack your online accounts, especially if you reuse passwords across multiple sites—a practice strongly discouraged. Instead, consider using one of the top password managers to generate and securely store strong, unique passwords for each of your accounts.