VERY IMPORTANT

A malicious campaign targeting indie game platforms like Itch.io and Patreon has been discovered. Attackers are using newly created accounts to spam comments on legitimate games, claiming to offer game updates through Patreon links. These links lead to downloads containing LummaStealer malware. The malware uses multiple anti-analysis techniques, including checks for virtual machines, specific usernames, and processes associated with malware analysis. The payload is delivered through a nexe-compiled JavaScript file, which drops and loads a DLL containing the LummaStealer variant. Despite efforts to remove malicious accounts, new ones continue to appear, indicating an ongoing campaign.