The Dark Side of League of Legends: New Phishing Campaign Targets Excitement of LoL World Championship
As the League of Legends (LoL) World Championship kicks off this week, a new phishing campaign has emerged, preying on the eagerness and excitement of gamers to participate in the global event. Security researchers at Bitdefender have uncovered a malicious scheme that uses social media ads to lure unsuspecting victims into downloading what appears to be a free version of the popular PC game, LoL.
According to Bitdefender’s blog post, the malicious ads promise a free download of League of Legends, a game that is actually already available at no cost. Once users click on the ad, they are directed to a fake LoL download page that mimics the domain of the legitimate version using typosquatting techniques.
What follows is a dangerous chain of events – the unsuspecting victims are led to a Bitbucket repository where they download an archive containing an executable file and a legitimate Windows file, user32.dll. The executable serves as a dropper for a notorious malware called Lumma Stealer, known for its ability to steal sensitive data from infected devices.
Lumma Stealer specializes in harvesting passwords, credit card details, cryptocurrency wallets, and browser session cookies, among other things. This stolen information can either be sold on the dark web or used by cybercriminals for identity fraud and subsequent phishing attacks. In some cases, the perpetrators may even hijack victims’ social media accounts to launch further scams and phishing schemes.
Learn more about Lumma Stealer: Infostealer Lumma Evolves With New Anti-Sandbox Method
Bitdefender cautions that Lumma Stealer’s stealthy tactics make it particularly dangerous as it injects itself into a legitimate Windows process, bitlockertogo.exe, to evade detection by basic antivirus software. The ongoing LoL World Championship, spanning from September 25 to November 2 across London, Paris, and Berlin, has already seen over 4000 individuals targeted by this malicious campaign, Bitdefender revealed.
To protect yourself from falling victim to similar phishing scams, Bitdefender recommends the following precautions:
- Always verify URLs before clicking on links, especially those in social media ads
- Avoid downloading software from unofficial sources
- Approach online ads with caution and skepticism
- Utilize trusted anti-malware tools to prevent malicious files and phishing attempts
Stay vigilant and stay safe during the LoL World Championship and beyond, guarding yourself against the hidden dangers lurking behind the excitement of online gaming.