Researchers Uncover Massive Phishing Campaign Using Fake CAPTCHA Images in PDFs

Cybersecurity researchers have discovered a massive phishing campaign that uses fake CAPTCHA images embedded in PDF documents hosted on Webflow's content delivery network (CDN) to distribute the Lumma stealer malware. Netskope Threat Labs identified 260 unique domains hosting 5,000 phishing PDF files that redirect victims to malicious websites. The attacker employs SEO techniques to deceive victims.