CyberSecurity news
FlagThis
Lawrence Abrams@BleepingComputer
//
iClicker, a widely-used student engagement platform, fell victim to a sophisticated ClickFix attack that compromised its website. The attack utilized a fake CAPTCHA prompt to deceive both students and instructors into unknowingly installing malware on their devices. This incident highlights the growing trend of cybercriminals exploiting user trust through social engineering tactics. iClicker, a subsidiary of Macmillan, serves approximately 5,000 instructors and 7 million students across numerous universities in the United States, making it a prime target for such malicious activities. The company has acknowledged the hijacking and issued a security bulletin advising affected users to take immediate action.
The ClickFix attack hinges on exploiting the familiarity users have with CAPTCHA verification processes. Instead of presenting a typical challenge to distinguish between humans and bots, the fake CAPTCHA prompts users to execute malicious scripts. This involves instructing users to open the Windows Run dialog, paste a provided script, and press Enter. Unbeknownst to the user, this action initiates a PowerShell script that retrieves and installs malware, granting attackers unauthorized access to their computer. The University of Michigan’s IT security team issued an early warning to students after discovering the malicious CAPTCHA.
Sophos X-Ops revealed that the malware being installed through this method is the notorious Lumma Stealer. Lumma Stealer is a Malware-as-a-Service (MaaS) offering typically sold via Telegram channels, allowing cybercriminals to steal sensitive data, including browser passwords, cookies, cryptocurrency wallets, and session tokens. iClicker advised users who interacted with the false CAPTCHA between April 12-16 to run antivirus software and change their passwords immediately. The attack demonstrates the need for heightened cybersecurity awareness and vigilance when interacting with online prompts, even on trusted websites.
ImgSrc: www.bleepstatic
References :
The ClickFix attack hinges on exploiting the familiarity users have with CAPTCHA verification processes. Instead of presenting a typical challenge to distinguish between humans and bots, the fake CAPTCHA prompts users to execute malicious scripts. This involves instructing users to open the Windows Run dialog, paste a provided script, and press Enter. Unbeknownst to the user, this action initiates a PowerShell script that retrieves and installs malware, granting attackers unauthorized access to their computer. The University of Michigan’s IT security team issued an early warning to students after discovering the malicious CAPTCHA.
Sophos X-Ops revealed that the malware being installed through this method is the notorious Lumma Stealer. Lumma Stealer is a Malware-as-a-Service (MaaS) offering typically sold via Telegram channels, allowing cybercriminals to steal sensitive data, including browser passwords, cookies, cryptocurrency wallets, and session tokens. iClicker advised users who interacted with the false CAPTCHA between April 12-16 to run antivirus software and change their passwords immediately. The attack demonstrates the need for heightened cybersecurity awareness and vigilance when interacting with online prompts, even on trusted websites.
ImgSrc: www.bleepstatic
Share:
References :
- securityonline.info: CAPTCHA Trap: Fake Verification Unleashes Lumma Stealer on Unsuspecting Users
- Talkback Resources: Website Hacked with Fake CAPTCHA in ClickFix Attack
- The DefendOps Diaries: The ClickFix Attack: Unmasking the Fake CAPTCHA Deception
- BleepingComputer: iClicker site hack targeted students with malware via fake CAPTCHA
Classification:
- HashTags: #CyberAttack #Malware #ClickFix
- Company: iClicker
- Target: Students and Instructors
- Product: iClicker
- Feature: CAPTCHA
- Malware: Lumma Stealer
- Type: Malware
- Severity: Medium