A recent malware campaign involving fake League of Legends download ads is spreading the Lumma Stealer, an information-stealing malware targeting unsuspecting gamers. Promoted primarily through social media, these ads falsely offer free downloads of the popular game League of Legends, a game that is already free, to lure victims. Upon clicking, users are redirected to a fraudulent download page that infects their system with malware instead of the actual game.
The Lumma Stealer malware is particularly dangerous as it is designed to extract sensitive information from victims’ computers. This includes login credentials, payment data, cryptocurrency wallet details, and browser session cookies, posing a significant threat to users’ online security and privacy. The campaign has mainly targeted European users, particularly around the excitement generated by LoL World Championships (Worlds 2024).
The campaign was first discovered by Bitdefender researchers, who have urged users to download the game only from official sources and to be skeptical of suspicious download links, especially those shared on social media platforms.
This campaign is part of a broader trend of cyber-criminals exploiting popular games and using malware-as-a-service (MaaS) platforms like Lumma Stealer to steal valuable data from individuals. Gamers, especially those with less cybersecurity awareness, are more vulnerable to these kinds of deceptive tactics and are urged to take care when downloading their favourite games.
