Listen to this Post

An investigation into the seized Lumma Stealer panel (tsoi-zhiv(.)com) revealed a hidden script injected into the DOM, designed to secretly capture photos of visitors via their front-facing camera.
Key Findings:
- Stealthy Injection: The script was embedded in the HTML to avoid detection.
- Front Camera Preference: Prioritized the front camera, likely for facial captures.
- Fallback Mechanism: If camera access was blocked, the form would still submit.
- Visual Feedback: A spinner displayed during capture to avoid suspicion.
🔗 References:
You Should Know:
How to Detect & Mitigate Camera Hijacking
1. Browser Inspection:
- Open DevTools (
F12), go to `Elements` tab, and search for:navigator.mediaDevices.getUserMedia
- Check for unauthorized scripts in `