How The Campaign Works
When you click the images, you are taken to two websites for the EditProAI application, editproai[.]pro and editproai[.]org, which were created to push Windows and macOS malware, respectively.
These sites are designed to appear credible, featuring professional layouts and ubiquitous cookie banners.
Once downloaded, the malware transmits stolen data to a server located at proai[.]club/panelgood/, where attackers can retrieve it later, g0njxa says.
A report from AnyRun, a sandbox malware analysis service, confirmed that the Windows variant is Lumma Stealer.
source: www.techworm.net