Around 1,000 malicious domains are hosting webpages impersonating Reddit and WeTransfer, redirecting users to download password-protected archives

These archives contain an AutoIT dropper, we internally named #SelfAU3 Dropper at @sekoia.io, which executes #Lumma Stealer

IoCs ⬇️