Pulse: “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
TLP: WHITE | Author: eric.ford | Created: 2024-12-16 | Modified: 2024-12-16
Indicators of Compromise: 191 (high volume)
Guardio Labs reported on a large-scale fake captcha campaign distributing Lumma Stealer that circumvents general security measures such as Safe Browsing. The campaign relies entirely on a single ad network for propagation (malvertising): Monetag, a subsidiary of PropellerAds previously tracked by Infoblox under the name “Vane Viper.” These ads, which use BeMob for tracking, receive over 1 million daily “impressions,” potentially causing thousands of daily Lumma Stealer infections through a network of 3,000+ sites running Monetag scripts. The research dissects this campaign and provides insights into the malvertising industry’s infrastructure, tactics, and key players.
MITRE ATT&CK & Malware Families
Malware families: Lumma Stealer
Indicators of Compromise (1 shown of 191 total)
Type: FileHash-MD5 | Indicator: 7a0525921ff54f1193db83d7303c6ee8 | Description: (none) | Created: 2024-12-16