JAKARTA - The theft of personal data has never stopped happening, now it is found that hackers are using the WeTransfer link to carry out phishing attacks.

WeTransfer itself is a free file sharing site used by workers and businesses. Cybersecurity researchers from Cofense have found hackers distributing malware called Lampion using WeTransfer links.

Further researched, the email contained phishing using a hacked business account, prompting recipients to download proof of payment from WeTransfer.

The file received by the target is the ZIP archive containing Virtual Basic Script (VBS) which must be launched by the victim so that the attack can start.

If run, then the URL will connect to Amazon Web Service (AWS), and retrieve two DLL files, also in a protected ZIP archive. This DLL, when activated (automatically), is loaded into memory and allows Lampion to operate.

Launching Bleeping Computer, Wednesday, September 14, then Lampion starts stealing data from computers, targeting bank accounts by taking injections from C2 and coating its own login form on the login page. When a user enters their credentials, the fake login form will be stolen and sent to the attacker.

Diketahui dari mengutip TechRadar, Lampion adalah virus komputer yang dikenal, mampu mencuri data sensitif, seperti informasi perbankan dan password.

The Lampion Trojan has come since 2019, focusing mainly on Spanish-language targets and using compromised servers to host ZIP is dangerous.

Then, what makes Lampion more dangerous than any other malware, is the use of legitimate file transfer services like WeTransfer, making it very difficult for email security systems to mark as dangerous.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)