Cybersecurity researchers from Sekoia have warned of hundreds of fake Reddit and WeTransfer pages used to deploy the Lumma Stealer malware. The well-built fake Reddit pages display threads where users share links to fake WeTransfer pages to download malware. The URLs of these pages contain official brand names and sit on .org and .net domains, enhancing their appearance of legitimacy. The actual malware is hosted on “weighcobbweo[.]top.” The targets often depend on the type of software being faked.

New KoiLoader Abuses Powershell Scripts to Deliver Malicious Payload
Researchers have uncovered a new strain of the advanced KoiLoader malware, believed to be distributed through phishing emails posing as bank statements. The malware employs