This Clever Fake CAPTCHA Drops Malware

In this video, I share one of the more interesting and clever phishing attempts I've seen in a while. This one’s different: the attacker is using the legitimate GitHub "issues" feature to push their phishing attempt through trusted services. Watch as we break down how exactly the attacker did it and even uncover what malicious code it tries to social engineer us into running. After doing some classic investigation and IOC extraction, we come to find this campaign is part of the Lumma Stealer malware family!