Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware.
The operation, discovered by Veriti Research, constitutes a characteristic example of the blurred lines between being a predator or prey in the world of cybercrime, where ironic twists and backstabs are abundant.
OnlyFans is an extremely popular subscription-based adult content platform where creators can earn money from users (referred to as "fans") who pay for access to their content.
Creators can share videos, images, messages, and live streams with their subscribers, while subscribers pay a recurring fee or one-time payments for exclusive content.
Given its popularity, OnlyFans accounts often become targets of threat actors who attempt to hijack them to steal fan payments, extort the account owner to pay a ransom, or simply leak private photos.
Checker tools are designed to help validate large sets of stolen login credentials (usernames and passwords), checking if the login details match any OnlyFans accounts and whether they're still valid.
