Pakistan’s National CERT Warns of Massive Phishing Attack
News Desk
Islamabad: Pakistan’s National Computer Emergency Response Team (National CERT) has issued a critical warning regarding a large-scale phishing campaign using fake CAPTCHA images embedded in PDF files to distribute the Lumma Stealer malware.
According to the advisory released on Wednesday, the attack has compromised thousands of users globally, with a primary focus on the technology, financial services, and manufacturing sectors. Most victims were reported in North America, Asia, and Southern Europe.
Sophisticated Phishing Tactics
National CERT revealed that cybercriminals have been manipulating search engine results to spread malicious PDF files. These documents contain deceptive CAPTCHA images, tricking users into clicking embedded links that direct them to phishing websites. Once engaged, these sites either steal sensitive financial data or install Lumma Stealer, a notorious Malware-as-a-Service (MaaS) tool.
The attackers leveraged online platforms such as PDFCOFFEE, PDF4PRO, and Internet Archive to host these PDFs, making them appear legitimate in search results.
Impact of Lumma Stealer Malware
Lumma Stealer is designed to extract login credentials, browser cookies, and cryptocurrency wallet data from infected systems. It also deploys GhostSocks, a proxy malware that exploits victims’ internet connections for further malicious activities.
Investigations revealed that stolen credentials were being sold on underground cybercrime forums, including Leaky[.]pro. Malicious domains associated with the campaign include:
pdf-freefiles[.]com
webflow-docs[.]info
secure-pdfread[.]site
docsviewing[.]net
National CERT’s Security Recommendations
In response to the growing cyber threat, National CERT has urged organizations to implement strict cybersecurity measures to mitigate risks. Key recommendations include:
✅ Employee Awareness – Educating staff on phishing risks.
✅ Advanced Endpoint Protection – Deploying next-gen security solutions.
✅ Restricting PowerShell & MSHTA Execution – Limiting execution of potentially harmful scripts.
✅ Blocking Malicious Domains – Proactively filtering out known threat domains.
✅ Enforcing Multi-Factor Authentication (MFA) – Strengthening access controls.
✅ Monitoring Search Engine Listings – Identifying fraudulent domains impersonating legitimate services.
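Two of the recommendations above, blocking the listed domains and monitoring for them, can be started with the indicators the advisory already publishes. The script below is an added example, not part of National CERT's advisory: it refangs the "[.]"-defanged domains from this article into a blocklist and scans proxy-style log lines for exact or subdomain matches. The log format (timestamp, client IP, requested URL) and the log lines themselves are constructed for the example.

```python
"""Refang the advisory's defanged domains and look for them in proxy/DNS logs.
Added example; the log format and sample lines below are constructed, not real data."""
from urllib.parse import urlsplit

# Indicators as published in the advisory (defanged with "[.]")
DEFANGED_IOCS = [
    "pdf-freefiles[.]com",
    "webflow-docs[.]info",
    "secure-pdfread[.]site",
    "docsviewing[.]net",
]

def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a matchable lowercase hostname."""
    host = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    return host.strip(".")

def build_blocklist(defanged: list[str]) -> set[str]:
    """Set of refanged domains suitable for a DNS sinkhole or proxy deny list."""
    return {refang(i) for i in defanged}

def host_matches(host: str, blocklist: set[str]) -> bool:
    """True for the domain itself or any subdomain of it; look-alikes that merely
    contain the string (e.g. notdocsviewing.net) do not match."""
    host = host.lower().rstrip(".")
    return host in blocklist or any(host.endswith("." + d) for d in blocklist)

def extract_host(field: str) -> str:
    """Accept either a bare hostname (DNS log) or a full URL (proxy log)."""
    if "://" in field:
        return urlsplit(field).hostname or ""
    return field.split("/")[0].rsplit(":", 1)[0]

# Constructed sample log: "<timestamp> <client_ip> <url-or-host>" per line
SAMPLE_LOG = """\
2025-03-12T10:15:02Z 10.0.0.5 https://www.example.org/login
2025-03-12T10:15:09Z 10.0.0.5 https://cdn.pdf-freefiles.com/captcha.pdf
2025-03-12T10:16:41Z 10.0.0.7 docsviewing.net
2025-03-12T10:17:03Z 10.0.0.9 https://notdocsviewing.net/index.html
2025-03-12T10:18:22Z 10.0.0.7 http://secure-pdfread.site:8080/view?id=1
"""

def scan_log(log_text: str, blocklist: set[str]) -> list[tuple[str, str, str]]:
    """Return (timestamp, client_ip, matched_host) for each line hitting the blocklist."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than crashing the scan
        host = extract_host(parts[2])
        if host and host_matches(host, blocklist):
            hits.append((parts[0], parts[1], host))
    return hits

if __name__ == "__main__":
    bl = build_blocklist(DEFANGED_IOCS)
    for ts, client, host in scan_log(SAMPLE_LOG, bl):
        print(f"{ts} {client} -> {host}")
```

Feed the refanged set to whatever enforcement point you have (DNS RPZ, proxy deny list, EDR custom indicators) and run the scan over historical logs to find hosts that already contacted the domains before the block was in place; those are candidates for credential resets given what Lumma Stealer collects.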
A Call for Enhanced Cybersecurity
National CERT emphasized that cyber threats are becoming increasingly sophisticated and urged organizations to proactively strengthen their security frameworks. Regular patch management, restricting administrative privileges, and implementing application whitelisting were identified as critical steps in preventing cyberattacks and data breaches.
As cybercriminals continue to refine their tactics, experts warn that vigilance and proactive defense strategies remain the best approach to safeguarding sensitive data and critical infrastructure.