OnlyFans hackers’ fate takes an ironic twist as they get attacked themselves


A hacker tool for breaching OnlyFans accounts turned out to be malware, serving wannabe attackers with an instant dose of karma.

A hacking forum user successfully duped its peers by uploading a malicious tool, the so-called “checker,” researchers at cybersecurity firm Verti discovered.

Checkers are used to verify en masse whether stolen credentials are valid. Such hacking tools are particularly useful for attackers who possess databases with millions upon millions of different credentials.

However, the supposed OnlyFans hacking tool was in fact a LummaC2 stealer, a sophisticated piece of malware, capable of siphoning sensitive details from a victim's computer. Which means that instead of sifting through a pile of stolen credentials, at least some who downloaded the supposed checker had their own login details exposed.

Since LummaC2 mostly targets crypto wallets and two-factor authentication (2FA) browser extensions, some hacking enthusiasts may have even ended up losing their funds.

Researchers note that the attacker behind the malicious hacker forum post has set its sights on fellow attackers. Apart from OnlyFans, the attacker also targeted Disney+ account thieves, Instagram hackers and aspiring botnet wranglers. Each post contains an infected download, which triggers a malicious payload upon execution.

“As we peel back the layers of this cyber-onion, one thing becomes clear: the lines between predator and prey in the digital realm are blurrier than ever,” researchers concluded.