CyberSecurity news
FlagThis
Andres Ramos@Arctic Wolf
//
A resurgence of a fake CAPTCHA malware campaign has been observed, with threat actors compromising widely used websites across various industries. They are embedding a fake CAPTCHA challenge that redirects victims to a site triggering PowerShell code execution. This campaign exploits social engineering tactics and fake software downloads to deceive users into executing malicious scripts.
This tactic is also utilized with fake captchas which resemble legitimate sites. When users attempt to pass the captcha, they are prompted to execute code that has been copied to their clipboard. The OBSCURE#BAT malware campaign is a major cybersecurity threat to both individuals and organizations, primarily due to its ability to compromise sensitive data through advanced evasion techniques, including API hooking. This allows the malware to hide files and registry entries, making detection difficult.
ImgSrc: arcticwolf.com
References :
This tactic is also utilized with fake captchas which resemble legitimate sites. When users attempt to pass the captcha, they are prompted to execute code that has been copied to their clipboard. The OBSCURE#BAT malware campaign is a major cybersecurity threat to both individuals and organizations, primarily due to its ability to compromise sensitive data through advanced evasion techniques, including API hooking. This allows the malware to hide files and registry entries, making detection difficult.
ImgSrc: arcticwolf.com
Share:
References :
- Arctic Wolf: Widespread Fake CAPTCHA Campaign Delivering Malware
- hackread.com: New OBSCURE#BAT Malware Targets Users with Fake Captchas
- Security Risk Advisors: 🚩 Fake CAPTCHA Malware Campaign Resurges With Multi-Stage PowerShell Infostealers
- SpiderLabs Blog: Resurgence of a Fake Captcha Malware Campaign
- www.zdnet.com: That weird CAPTCHA could be a malware trap - here's how to protect yourself
- Seceon Inc: Beware of Fake CAPTCHA Scams: How Cybercriminals Are Hijacking Your Clipboard to Steal Data
- www.cysecurity.news: Fake CAPTCHA Scams Trick Windows Users into Downloading Malware
- : Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT
- Broadcom Software Blogs: In a recent surge of sophisticated cyber threats, attackers are exploiting fake CAPTCHA verifications to hijack users’ clipboards, leading to the installation of information-stealing malware.
- Security Risk Advisors: ClearFake injects JavaScript to show fake CAPTCHAs on compromised sites, tricking users into running PowerShell for Lumma/Vidar malware.
- www.cisecurity.org: The CIS CTI team spotted a Lumma Stealer campaign where SLTT victims were redirected to malicious webpages delivering fake CAPTCHA verifications.
- gbhackers.com: Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
- Sucuri Blog: Sucuri Blog: Fake Cloudflare Verification Results in LummaStealer Trojan Infections
- securityonline.info: Fake Cloudflare Verification Prompts Deliver LummaStealer Trojan Through Infected WordPress Sites
Classification:
- HashTags: #Malware #FakeCaptcha #Infostealer
- Company: Google
- Target: Users
- Product: Google
- Feature: Malware Delivery
- Malware: Lumma
- Type: Malware
- Severity: Medium