1. Forum
  2. FidoNet
  3. CONSPRCY

  • Fake CAPTCHAs used to spr

    From Mike Powell@1:2320/105 to All on Wednesday, March 19, 2025 09:22:00
    Fake CAPTCHAs are being used to spread malware - and we only have ourselves
    to blame

    Date:
    Tue, 18 Mar 2025 21:02:00 +0000

    Description:
    HP research highlights rise in the abuse of verification tests.

    FULL STORY

    New research has claimed victims are increasingly infecting themselves with malware thanks to a surge in fake CAPTCHA verification tests - taking
    advantage of a growing click tolerance as users are increasingly accustomed
    to jumping through hoops to authenticate themselves online.

    This isnt the first report to flag this attack, with security researchers identifying fake CAPTCHA pages spreading infostealer malware in late 2024,
    but HPs latest Threat Insights Report now warns this is on the rise.

    Users were commonly directed to attacker-controlled websites, and then pushed to complete convincing but fake authentication challenges.

    More campaigns identified

    These false CAPTCHAs usually trick users into running malicious PowerShell commands on their device that install a Lumma Stealer remote access trojan -
    a popular infostealer capable of exfiltrating a wide range of sensitive information, like browser details, email credentials, client data, and even cryptocurrency wallets.

    Fake CAPTCHA spreading wasnt the only threat uncovered, with attackers also able to access end-users webcams and microphones in concerning attacks spread via social engineering attacks, primarily using open source RAT and XenoRat
    to control devices, exfiltrate data, and log keystrokes.

    Alongside this, attackers were observed delivering malicious JavaScript code inside Scalable Vector Graphic (SVG) images to evade detection. These images are opened by default in browsers, and the embedded code is executed,
    offering redundancy and monetization opportunities for the attacker thanks to the remote access tools.

    "A common thread across these campaigns is the use of obfuscation and anti-analysis techniques to slow down investigations," said Patrick Schlpfer, Principal Threat Researcher in the HP Security Lab.

    Even simple but effective defence evasion techniques can delay the detection and response of security operations teams, making it harder to contain an intrusion. By using methods like direct system calls, attackers make it
    tougher for security tools to catch malicious activity, giving them more time to operate undetected and compromise victims endpoints."

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fake-captchas-are-used-to-spread-malwar e-hp-warns

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)