In a recent development, analysts at CloudSEK have discovered the much maligned use of black hat Search Engine Poisoning by threat actors, to push Rummy and Investment focused websites to unsuspecting users.

Dubbed the “Bait & Switch Mode,” the tactic involves registering Zendesk subdomains, integrating phishing pages on those subdomains, and exploiting Zendesk brand trust to bypass email spam filters.

The malware, disguised as legitimate documents like contracts or promotional materials, is often delivered through password-protected files hosted on platforms such as OneDrive to evade detection.

The Lumma Stealer malware is being distributed through deceptive human verification pages that trick Windows users into running malicious PowerShell commands, leading to sensitive information theft.