Hackers have created hundreds of fake Reddit sites to spread info-stealing malware
Here's how to stay safe and avoid falling victim to this new campaign
Reddit may have started out as a social news aggregation site and forum but it has quickly exploded in popularity in recent years. So much so that even Google now sends its own users there when a traditional web search just doesn’t do the trick.
Even if you aren’t an active Reddit user with your own account, chances are that you’ve ended up on the site when trying to find a solution for a more difficult or niche problem. Well, as you would expect, hackers are now capitalizing on this in a new campaign.
As reported by BleepingComputer, hackers and other cybercriminals have created close to 1,000 web pages impersonating Reddit in a bid to trick unsuspecting users into downloading and installing info-stealing malware onto their devices.
Here’s everything you need to know about this new campaign along with some tips and tricks that can help you avoid falling for it.
Not the helpful post you were looking for
One of the ways that people often end up on Reddit is when looking for tech support advice and the hackers behind this campaign are using this to their advantage. In the screenshot above of a fake Reddit site discovered by a researcher at the cybersecurity firm Sekoia, you’d almost think you were looking at an actual Reddit page.
If you examine the site’s URL closely (something I always recommend), you could easily see that this isn’t in fact Reddit but a webpage designed in such a way that the resemblance is almost uncanny. Still though, hackers love creating a sense of urgency and when you’re dealing with a frustrating computer problem (or other issue), their work is already done for them.
The content on these fake pages is also written in such a way that it resembles an actual Reddit thread. They start with a question asking for a specific tool; then, to trick potential victims further, a fake Reddit user replies to the thread with a download link and another fake user thanks them for doing so. This helps build trust with victims and makes them believe that the download link is legitimate and not malicious. Unfortunately, that couldn’t be further from the truth.
The download link takes them to another fake website impersonating the popular file-sharing service WeTransfer. It too looks just like the real thing. However, if an unsuspecting user clicks the download button, instead of the tool or program they were looking for, they inadvertently end up downloading the Lumma Stealer malware.
First discovered back in 2022, Lumma Stealer is an info-stealing malware designed to steal credentials like usernames and passwords along with other sensitive data stored on an infected PC. This malware has become more prevalent in recent years due in part to the fact that it’s distributed using a Malware-as-a-Service model. For as little as $250 a month, other hackers can pay to use Lumma Stealer in their own attacks. However, with the highest paid plan, they get access to its source code and can even modify it to better suit their attacks.
Once installed on your computer, Lumma Stealer can use your stolen passwords to take over your online accounts. This is especially true if you reuse passwords across multiple accounts which is something we never recommend because once hackers have the credentials for one account, they will then try to use them to access the rest of your accounts. Instead, you should use one of the best password managers to create strong, unique passwords for you as well as securely store them.
How to stay safe from fake sites spreading malware
In this case, the Sekoia researcher who discovered these fake websites impersonating Reddit and WeTransfer has put together a full list of all of them which they shared with BleepingComputer. So far, there are 529 pages impersonating Reddit and 407 that impersonate WeTransfer.
At the moment, it’s unclear how these attacks begin but it could be through malvertising, malicious sites or even with direct messages on social media. Regardless, you always want to carefully examine the URL of any site you’re currently on and do the same thing with links in messages, emails, forum posts, etc. You can do this by hovering your mouse cursor over the anchor text that takes you to a link. When in doubt though, don’t click on any links sent to you in a suspicious message or email.
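The URL check described above can also be applied in bulk, for example to links pulled from mail or proxy logs. The following Python is an added example, not from the original article or from Sekoia's research; the two-domain allowlist, the function names and the sample links (the look-alikes all sit under the reserved .example domain) are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: minimal allowlist of each impersonated brand's primary domain.
OFFICIAL = {"reddit": "reddit.com", "wetransfer": "wetransfer.com"}

# Constructed sample links; the look-alikes use the reserved .example TLD.
SAMPLES = [
    "https://www.reddit.com/r/techsupport/",
    "https://wetransfer.com/downloads/abc123",
    "https://reddit.com.thread-help.example/r/techsupport/",
    "https://reddit.com@files.example/download",
    "https://we-transfer-files.example/get",
    "https://forum.example/thread/42",
]


def classify_link(url: str) -> str:
    """Return 'official', 'suspect' or 'unrelated' based on the real host."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "suspect"  # malformed URL
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "suspect"
    # Text before "@" is login data, not the site; a brand name there is bait.
    if parts.username is not None:
        return "suspect"
    host = parts.hostname.rstrip(".").lower()
    for domain in OFFICIAL.values():
        # The leading dot matters: "xreddit.com" must not pass as reddit.com.
        if host == domain or host.endswith("." + domain):
            return "official"
    # Brand name in a host that is not the brand's own domain.
    if any(brand in host.replace("-", "") for brand in OFFICIAL):
        return "suspect"
    return "unrelated"


def triage(urls):
    """Map each URL to its verdict, preserving input order."""
    return {u: classify_link(u) for u in urls}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLES).items():
        print(f"{verdict:9}  {link}")
```

The verdict depends only on the host the browser would actually connect to, which is why a brand name in a subdomain, in the text before an "@" or in a hyphenated label does not make a link official.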
Since malvertising could also be in play here, you want to avoid clicking on the sponsored links at the top of Google Search or any other search engine for that matter. Instead, scroll a bit further down the page to the actual links and just avoid ads altogether.
To stay safe from malware, you should have the best antivirus software installed on your PC, the best Mac antivirus software on your Apple computer and one of the best Android antivirus apps on your smartphone.
Likewise, you should enable your browser’s built-in protection against sites known for spreading malware. For instance, when I tried clicking on the link on that fake Reddit website to take a screenshot of the fake WeTransfer page it led to, Chrome showed me the following message in the screenshot above. Most browsers have built-in protection against this sort of thing and for additional protection, at least in Chrome, you can also enable Enhanced Safe Browsing.
Fake sites and brand impersonation are some of the oldest tools in a hacker’s arsenal but if you think before you click and educate yourself on the latest scams and cyberattacks, you’ll know how to avoid falling victim to something like this. Then, it’s just a matter of passing on this knowledge to your friends, family and children.
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.