The Pakistan Cyber Emergency Response Team (PakCERT) has warned internet users of a large-scale phishing campaign targeting cryptocurrency wallets through a newly identified malware, Leuma Stellar.
According to an advisory issued by PakCERT under the Cabinet Division, hackers are exploiting a fraudulent bot detection system embedded in PDF files to spread the virus. The malware is capable of stealing login credentials, browser information, and cryptocurrency wallet data, which is then sold on hacking forums.
The advisory highlights that attackers manipulate search engines to direct users toward downloading malicious PDFs. Once opened, these files display images of a fake bot detection system, tricking users into clicking on them. The click redirects them to phishing websites, where financial data is stolen or malware is deployed onto their systems.
The phishing campaign has particularly impacted users in the technology, financial services, and manufacturing sectors. PakCERT has urged organisations and individuals to remain vigilant against such threats by recognising malicious PDFs, monitoring suspicious websites, and reporting fraudulent domains.
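One way to recognise the lure described above, a page image wrapped in a clickable link to an external site, is to look for link annotations that cover most of a page. The following is an added example, not code from the PakCERT advisory; the 50% coverage threshold, the sample PDF objects and the `example.invalid` hosts are constructed assumptions, and the check only reads uncompressed PDF objects.

```python
import re
from urllib.parse import urlparse

# Constructed sample: uncompressed PDF objects for one page whose image is
# wrapped in a near full-page link. Hosts are placeholders, not real indicators.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Page /MediaBox [0 0 612 792] /Annots [2 0 R 3 0 R] >> endobj
2 0 obj << /Type /Annot /Subtype /Link /Rect [36 96 576 756]
  /A << /S /URI /URI (https://verify.example.invalid/captcha) >> >> endobj
3 0 obj << /Type /Annot /Subtype /Link /Rect [72 40 200 52]
  /A << /S /URI /URI (https://docs.example.invalid/help) >> >> endobj
"""

OBJ = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
BOX = rb"\[\s*([-\d.]+)\s+([-\d.]+)\s+([-\d.]+)\s+([-\d.]+)\s*\]"
MEDIABOX = re.compile(rb"/MediaBox\s*" + BOX)
RECT = re.compile(rb"/Rect\s*" + BOX)
URI = re.compile(rb"/URI\s*\((.*?)\)", re.S)

def _area(match):
    """Area of a PDF rectangle [x1 y1 x2 y2] captured by BOX."""
    x1, y1, x2, y2 = (float(v.decode("ascii")) for v in match.groups())
    return abs(x2 - x1) * abs(y2 - y1)

def find_large_links(pdf_bytes, min_coverage=0.5):
    """Return (host, coverage) for URI links covering >= min_coverage of the page."""
    # Simplification: the first /MediaBox is used for every page;
    # US Letter (612 x 792 points) is assumed when none is present.
    page = MEDIABOX.search(pdf_bytes)
    page_area = _area(page) if page else 612.0 * 792.0
    hits = []
    for body in OBJ.findall(pdf_bytes):
        if b"/Link" not in body:
            continue  # not a link annotation
        rect, uri = RECT.search(body), URI.search(body)
        if not (rect and uri):
            continue  # internal link or no clickable area
        coverage = _area(rect) / page_area
        if coverage >= min_coverage:
            host = urlparse(uri.group(1).decode("latin-1")).hostname
            hits.append((host, round(coverage, 2)))
    return hits

if __name__ == "__main__":
    for host, cov in find_large_links(SAMPLE_PDF):
        print(f"link to {host} covers {cov:.0%} of the page")
```

A small footer link is ignored while the page-sized link is reported with its destination host, which can then be checked against the organisation's allow list or reported as a fraudulent domain.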
To mitigate risks, the advisory recommends regular data backups, verification of recovery processes, system updates, multi-factor authentication, and strengthening cybersecurity defences.
The warning comes amid growing cybersecurity concerns in Pakistan. In recent days, vulnerabilities were detected in the networks of cybersecurity provider Palo Alto and VPN service SonicWall, raising fears that hackers could exploit these flaws to gain unauthorised access.
Earlier this year, the National Telecom and Information Technology Security Board (NTISB) had cautioned users about new cyberattack techniques targeting popular web browsers. The board warned that hackers were using deceptive methods to inject malicious code into websites, including social media and banking platforms, to extract sensitive user data.
Authorities have advised internet users to regularly update their applications, install licensed antivirus software, and exercise caution while interacting with online platforms to protect their digital assets.