Cybercriminals dangled lucrative contracts in front of their victims to entice them to open an attachment containing an infostealer.

Numerama reported on October 21, 2024, that it had received a phishing email proposing a fake partnership with the dating app Bumble. Upon identifying it as a scam, journalists consulted a cybersecurity expert to analyze the hackers’ methods.The initial contact email originated from the legitimate address of an authentic Polish advertising communication company, likely compromised. This allowed the cybercriminals to bypass the spam filters of potential victims’ email services. If the recipients responded, the attackers sent a follow-up message from an email address within a domain containing “Bumble.”

This message detailed, in a professional and convincing tone, an advantageous partnership offer, accompanied by a .rar attachment. Opening it required a password, provided in the email, to evade email security scans once again. The compressed file actually contained a powerful infostealer, Lumma Stealer, which is notably capable of stealing passwords stored in web browsers.

This campaign is emblematic of phishing attacks using fake partnerships, which often target companies and content creators. According to the cybersecurity expert, it dated back less than a week.

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.