How Lumma Stealer sneaks into organizations
Lumma Stealer, a sophisticated information-stealing malware, has gained prominence in cybercriminal circles since 2022. It employs various distribution methods, with fake CAPTCHA pages being a notable vector. These pages mimic legitimate services and trick users into executing malicious commands. The malware uses complex infection chains involving PowerShell scripts, JavaScript, and AutoIt components to evade detection. Once installed, Lumma Stealer targets a wide range of sensitive data, including cryptocurrency wallets, browser credentials, and financial information. The malware's stealthy execution and anti-analysis techniques make it a significant threat to both individuals and organizations.
Pulse ID: 680680f666b6192de781c7f1
Pulse Link: https://otx.alienvault.com/pulse/680680f666b6192de781c7f1
Pulse Author: AlienVault
Created: 2025-04-21 17:31:34
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
![We all know that “Can it run DOOM?” is the first question of a hardware hacker. The 1993 first person shooter from id Software defined an entire genre of games, and has since been made open source, appearing on almost everything.
Announcing his latest innovation on New Year's Eve, Guillermo Rauch's Doom CAPTCHA adds to a lengthy list of notable [and more serious/useful] feats, including authorship of Next.js, Mongoose and Socket.IO, among other open source projects. The Doom CAPTCHA might take the title for most fun, though.
That is, if you can cope with Doom on nightmare mode [the highest difficulty], which makes the demonic enemies harder to kill and more aggressive. Your correspondent did manage it on the first try, once I remembered that it's not immediately obvious how to strafe, and was left with a meager 19 percent health and a suitably bloodied and battered status bar face.
Since most web users find even the most basic CAPTCHA an annoying hoop to jump through, I don't see the nightmare Doom version gaining much traction outside the most sadistic devs implementing it as a joke or to intentionally annoy people.](https://nerdculture.de/system/media_attachments/files/114/359/279/392/524/331/original/b3e1a65e421d2820.jpeg "We all know that “Can it run DOOM?” is the first question of a hardware hacker. The 1993 first person shooter from id Software defined an entire genre of games, and has since been made open source, appearing on almost everything.
Announcing his latest innovation on New Year's Eve, Guillermo Rauch's Doom CAPTCHA adds to a lengthy list of notable [and more serious/useful] feats, including authorship of Next.js, Mongoose and Socket.IO, among other open source projects. The Doom CAPTCHA might take the title for most fun, though.
That is, if you can cope with Doom on nightmare mode [the highest difficulty], which makes the demonic enemies harder to kill and more aggressive. Your correspondent did manage it on the first try, once I remembered that it's not immediately obvious how to strafe, and was left with a meager 19 percent health and a suitably bloodied and battered status bar face.
Since most web users find even the most basic CAPTCHA an annoying hoop to jump through, I don't see the nightmare Doom version gaining much traction outside the most sadistic devs implementing it as a joke or to intentionally annoy people.")
![[ImageSource: Guillermo Rauch]
So here’s [Guillermo Rauch] DOOM captcha, in which you must gun down three bad guys to proceed.
It’s a WebAssembly application as you might have guessed, and while it’s difficult to shake that idea from the early 90’s that you needed a powerful computer to run DOOM, in reality it shows just how powerful WebAssembly is, as well as how far we’ve come in three decades.
The captcha prefer a few different entry points instead of always playing the same level, and I were always more handy with the mouse than the keyboard back in the day, but it’s certainly a bit of fun. It’s worth noting that simply playing the game isn’t enough to verify your humanity — if you’re killed in the game before vanquishing the required three foes, you’ll have to start over. As the game is running at “Nightmare” difficulty, proving your worth might be a tad harder than you’d expect.
<https://www.pcgamer.com/captchas-are-annoying-but-this-doom-themed-one-is-actually-fun/>
CAPTCHA programs that are used to determine whether a site visitor is a person or a bot come in pretty standard formats. Think text distortion [where users type the characters they see in a box amid other squiggles]; image recognition [you’re selecting, say, all the squares in a grid with a bicycle image]; and checkbox verification [you click on that box that reads: “I am not a robot”].](https://nerdculture.de/system/media_attachments/files/114/359/280/304/191/222/original/de8eef89c4b121f0.jpeg "[ImageSource: Guillermo Rauch]
So here’s [Guillermo Rauch] DOOM captcha, in which you must gun down three bad guys to proceed.
It’s a WebAssembly application as you might have guessed, and while it’s difficult to shake that idea from the early 90’s that you needed a powerful computer to run DOOM, in reality it shows just how powerful WebAssembly is, as well as how far we’ve come in three decades.
The captcha prefer a few different entry points instead of always playing the same level, and I were always more handy with the mouse than the keyboard back in the day, but it’s certainly a bit of fun. It’s worth noting that simply playing the game isn’t enough to verify your humanity — if you’re killed in the game before vanquishing the required three foes, you’ll have to start over. As the game is running at “Nightmare” difficulty, proving your worth might be a tad harder than you’d expect.
<https://www.pcgamer.com/captchas-are-annoying-but-this-doom-themed-one-is-actually-fun/>
CAPTCHA programs that are used to determine whether a site visitor is a person or a bot come in pretty standard formats. Think text distortion [where users type the characters they see in a box amid other squiggles]; image recognition [you’re selecting, say, all the squares in a grid with a bicycle image]; and checkbox verification [you click on that box that reads: “I am not a robot”].")
Bild-Captchas sind out! Ein Experte erklärt, warum die nervigen Aufgaben wie Ampeln-Ausklicken bald der Vergangenheit angehören könnten. Moderne, unsichtbare Captchas sind sicherer & nutzerfreundlicher. 
