OnlyFans is, perhaps unsurprisingly, a popular target for would-be hackers. However, attempting to break into a site with so much paid-for pornographic content is never going to be easy. That said, it’s doubtful that catching a very real infection would have been high on the hacker’s risk list.

OnlyFans Free Account Peeker Looked At More Than Hackers Bargained For

Cybersecurity researchers from security vendor Veriti have uncovered what it calls an ironic and sophisticated operation turning the tables on OnlyFans hackers. A newly published report reveals how a hacker posted a tempting offer on a popular underground cybercrime forum. The offer of a hacking tool to enable the user to check OnlyFans accounts for free, sounded too good to be true. That’s because it was. Criminals are not the most magnanimous of animals and anything of value that is being given away should be treated with much caution. In this case, the OnlyFans account checker was nothing of the sort, instead it was a delivery mechanism to drop the Lummac infostealer malware right into anyone’s lap who was foolish enough to download it.

The OnlyFans Account Checker

Veriti explained in their report how a checker works. In hacker parlance, a checker is a tool for verifying stolen credentials’ validity wholesale. The supposed OnlyFans checker would, the hunter in this scenario said, allow someone not only to check if leaked or stolen account credentials were valid, but also to check account balances and determine if an account had creator status. “These checkers are the digital lockpicks of the modern age,” Veriti said, “promising easy access to a treasure trove of sensitive information and potential financial gain.”

What Is The Lummac Stealer?

Lummac Stealer is not a new piece of malware; it’s been around since mid-2022, in fact. All sorts of bad actors have used it as part of a malware-as-a-service distribution model. It is, however, hard to detect and highly efficient in doing what it does: target crypto wallets, two-factor authentication and sensitive data from a victim device.

Once it has been activated, the Veriti report said, in this case it connected to a GitHub account repository containing a malicious file uploaded on August 27. “This file, like many others in the repository, is designed to embed itself deep within the victim’s system,” Veriti said, “creating exclusions and making it difficult to detect and remove.”

A High-Stakes Game Of Hacker Chess

Calling this particular campaign a new era of cyber-deception, as Veriti said, is perhaps a bit of a stretch. Cybercriminals have been doing the dirty since the very start, there really is no honor among thieves after all. However, I have to agree when the researchers say that the lines between predator and prey have never been as blurred as they are now. Recent maneuvers in the world of ransomware players demonstrate how affiliate hackers will follow the money rather than show any hint of group loyalty.

“In this high-stakes digital chess game,” the Veriti report concluded, “it seems the ultimate winner is the one who can think several moves ahead. And for now, that title might just belong to the mysterious mind behind the OnlyFans checker scam.”

This post was originally published on this site be sure to check out more of their content.