close From Captcha to catastrophe. How fake verification pages are spreading malware Hackers are using Captchas to infect your PC with malware Sometimes, when you need an answer to a complex life situation or a way to troubleshoot an error on your computer, regular articles on the web dont help. Some issues are so niche that no one writes about them, and those who do often say nothing useful in 1,000 words.In these cases, adding Reddit to your search query can be a game changer. Nine times out of 10, someone on Reddit has faced the same issue, and there's probably a solution.But bad actors have caught on to this, too. Theyre now mimicking Reddit to spread malware that can steal your personal information. Reddit app on home screen of smartphone (Kurt "CyberGuy" Knutsson)What you need to know about fake Reddit pagesHackers are distributing nearly 1,000 fake websites mimicking Reddit and WeTransfer to spread the Lumma Stealer malware. These sites are designed to trick you into downloading malicious software by imitating legitimate discussions and file-sharing services.On these fake Reddit pages, attackers create a fabricated discussion where one user asks for help downloading a tool, another offers a WeTransfer link and a third expresses gratitude to make the exchange seem real. Clicking the link redirects victims to a counterfeit WeTransfer site, where the download button delivers the Lumma Stealer malware.All these fake pages have the following things in common:The websites include a brand name (like "Reddit" or "WeTransfer") followed by random characters to appear legitimate at first glanceThey use ".org" or ".net" domains instead of the official one, which is ".com"The interface closely mimics the real sites to deceive usersThese fake websites were discovered bySekoia researcher crep1x, who compiled a full list of the pages involved in the scheme. In total, 529 of these sites mimic Reddit, while 407 impersonate WeTransfer to trick users into downloading malware.According toBleepingComputer, hackers may be driving traffic to these fake pages through methods like malicious ads (malvertising), search engine manipulation (SEO poisoning), harmful websites, direct messages on social media and other deceptive tactics. Illustration of a hacker at work (Kurt "CyberGuy" Knutsson)The dangers of info-stealer malwareHackers are using fake Reddit pages to spread Lumma Stealer, a powerful malware designed to steal personal data while staying under the radar. Once it infects a device, it can grab passwords stored in web browsers and session tokens, allowing attackers to hijack accounts without even needing a password.But Reddit isnt the only way this malware spreads. Hackers also push it through GitHub comments, deepfake websites and shady online ads. Once they steal login credentials, they often sell them on hacker forums, where others can use them for further attacks.This type of malware has already played a role in major security breaches, including attacks onPowerSchool,Hot Topic, CircleCI and Snowflake. Its a growing threat, especially for companies that rely on password-based security.WHAT IS ARTIFICIAL INTELLIGENCE (AI)? Illustration of a hacker at work 6 ways to protect yourself from info-stealing malware1. Be cautious with download links:Avoid downloading files from random Reddit discussions, social media messages or unfamiliar websites. If an unknown user shares the link or seems out of place in the context, its better to err on the side of caution. If the link is directing you to a file-sharing site like WeTransfer or Google Drive, double-check the URL for any signs of manipulationlike random characters added to the domain name.2. Have strong antivirus software:The best way to safeguard yourself from malicious links that install malware originating from these Reddit discussions, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.GET FOX BUSINESS ON THE GO BY CLICKING HERE3.Verify website URLs:Fake websites often look convincing but have slight differences in their URLs. Check for misspellings, extra characters or unusual domains (e.g., ".org" or ".net" instead of the official ".com").4. Use strong, unique passwords and enable 2FA:Apassword manager can help generate and store strong passwords for each site. Meanwhile, enabling two-factor authentication (2FA) adds an extra layer of security, making it harder for attackers to hijack your accounts. Get more details about mybest expert-reviewed Password Managers of 2025 here.5. Keep your software updated:Regularlyupdate your operating system, apps, browsers and other software on your PC or mobile devices. Updates often include patches for security vulnerabilities that hackers can exploit.6. Watch out for malvertising and SEO traps:Hackers manipulate search engine results andrun deceptive ads to trick users into visiting fake sites. Stick to official sources and avoid clicking on ads or search results that seem too good to be true.Kurts key takeawayHackers are getting sneakier, using fake Reddit and WeTransfer pages to spread dangerous malware like Lumma Stealer. These sites might look real, but theyre designed to steal your personal info. To stay safe, always double-check links and be cautious about downloading files from unfamiliar sources. Use strong, unique passwords, enable two-factor authentication and keep your software updated to stay one step ahead of cybercriminals.CLICK HERE TO GET THE FOX NEWS APPHave you ever encountered a suspicious link on Reddit or social media? How did you handle it? Let us know by writing us at Cyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading toCyberguy.com/Newsletter.Follow Kurt on his social channels:Answers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurts free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.