Avoiding Capture From Fake CAPTCHAs

Online criminals are spreading the Lumma Stealer malware through fake human verification pages disguised as Google's CAPTCHA system.

When users click on these fake verification buttons, they are instructed to paste a PowerShell script into their Run window, which then downloads and executes the malware.

This malware can steal sensitive data such as passwords, browser information, and cryptocurrency wallet details. Users are advised to be cautious and avoid interacting with suspicious verification pages.

The source provides a breakdown of the hack:

According to Cloudsek researchers, they [make] these schemes by creating fake human verification pages forcing the user to download malware. The whole process is very simple, yet effective: a user clicking on a link finds himself on a page, supposedly Google CAPTCHA, asking him to click on the "I am not a robot" button. From that point, an unsuspecting user starts a really dangerous chain reaction.

When the fake CAPTCHA is clicked, a PowerShell script is copied to the user's clipboard. On pasting and running this command, the hidden PowerShell window launches an encoded base64 script that obtains further instructions from a remote server. This downloads and executes Lumma Stealer malware, which, without an easy replacement process, connects to attacker-controlled domains.

https://www.techtimes.com/articles/307852/20241014/beware-windows-users-hackers-spread-lumma-stealer-malware-through-fake-human-verification-pages.htm (Oct. 14, 2024).

Commentary

CAPTCHA ("Completely Automated Public Turing Test to Tell Computers and Humans Apart") is a type of challenge-response test used to determine whether a user is human or some type of spam bot.

A common challenge presents images and asks you to select, from the six images shown, those that contain a particular object, like a car or a stop sign. There are other variations of this popular security protocol. The challenge is easy for humans to solve (though not always, especially on a small screen) but difficult for bots.

Ironically, one of the purposes of CAPTCHA is to prevent the phishing and other social engineering inherent in spam, but now online criminals have adapted and are exploiting a common security tool.

So, how do you prevent becoming captured by a fake CAPTCHA?

First, understand (or you should understand by now) how CAPTCHA works: a CAPTCHA never asks you to download a file or run commands. So if a "CAPTCHA" security protocol asks you to take any additional step, such as running a command or downloading a file, you need to stop and not engage.
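The chain described above leaves a recognizable trace on the endpoint: the user pastes into the Run dialog, so PowerShell is started by explorer.exe with a hidden window and a base64-encoded script on its command line, and the pasted text is also kept in the Run dialog's RunMRU history. The following Python is an added example of checking for that pattern from the defender's side; it is not code from the article or from the Cloudsek research, and the process-creation records and the RunMRU export it inspects are constructed samples with a deliberately harmless encoded command.

```python
import base64
import re

# Flags a launch matching the fake-CAPTCHA chain: parent is explorer.exe
# (Run dialog or desktop), and the command hides its window and/or carries
# a base64-encoded (UTF-16LE) script, as the article describes.
HIDDEN_FLAG = re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I)
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def encode_command(script: str) -> str:
    """PowerShell's -EncodedCommand expects base64 of UTF-16LE text."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(b64: str):
    """Reverse of encode_command; returns None if the blob is not valid."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


# Constructed sample process-creation records (Sysmon Event ID 1 style fields).
# The encoded payload is harmless on purpose; only the launch pattern matters.
SAMPLE_ENC = encode_command("Write-Host 'constructed sample'")
SAMPLE_EVENTS = [
    {   # the pattern the fake CAPTCHA produces
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": f"powershell.exe -w hidden -enc {SAMPLE_ENC}",
    },
    {   # a user opening an ordinary console from the Start menu
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": "powershell.exe",
    },
    {   # a scheduled maintenance script: not interactive, no hidden/encoded flags
        "parent": r"C:\Windows\System32\svchost.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1",
    },
]


def assess_event(event: dict):
    """Return a finding dict for a suspicious launch, or None."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    if image not in POWERSHELL_IMAGES:
        return None
    parent = event["parent"].rsplit("\\", 1)[-1].lower()
    cmd = event["cmdline"]
    reasons = []
    if parent == "explorer.exe":
        reasons.append("launched from explorer.exe (Run dialog or desktop)")
    if HIDDEN_FLAG.search(cmd):
        reasons.append("window hidden from the user")
    decoded = None
    m = ENCODED_FLAG.search(cmd)
    if m:
        decoded = decode_encoded_command(m.group(1))
        reasons.append("base64-encoded script on the command line")
    # An interactive launch alone is normal; require an evasion flag as well.
    if parent == "explorer.exe" and len(reasons) >= 2:
        return {"cmdline": cmd, "reasons": reasons, "decoded": decoded}
    return None


def suspicious_runmru(values: dict) -> list:
    """Review an exported HKCU\\...\\Explorer\\RunMRU key (value name -> data).
    Each entry's data ends with the two characters '\\1'; MRUList orders them."""
    hits = []
    for name in values.get("MRUList", ""):
        data = values.get(name, "")
        cmd = data[:-2] if data.endswith("\\1") else data
        if HIDDEN_FLAG.search(cmd) or ENCODED_FLAG.search(cmd):
            hits.append(cmd)
    return hits


# Constructed RunMRU export, as a reviewer might dump it from a user's hive.
SAMPLE_RUNMRU = {
    "MRUList": "ba",
    "a": "notepad\\1",
    "b": f"powershell -w hidden -enc {SAMPLE_ENC}\\1",
}

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(assess_event(ev))
    print(suspicious_runmru(SAMPLE_RUNMRU))
```

Only the first sample event is reported: a console opened normally from explorer.exe has none of the evasion flags, and a scheduled script has a service parent. The decoded script is included in the finding so an analyst sees what the user was tricked into running, and the RunMRU check gives the same answer after the fact from the registry when process telemetry was not being collected.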

Other steps for avoiding malware include:

  • Respond quickly if you receive reports of spam coming from your account.
  • Install security software, including anti-virus and anti-spyware software, and pop-up blockers.
  • Maintain a firewall on all computers and devices.
  • Set your security software, Internet browser, and operating system to update automatically.
  • Back up your data regularly so it is not lost if your computer becomes infected and crashes.
  • Set your browser's security setting to detect unauthorized downloads.
  • Do not select links or open any attachments in emails unless you are familiar with the link or attachment.
  • Only download and install software from trusted websites.
  • Avoid downloading free online software.
  • Never select any links in a pop-up window.
  • Never download software in response to an unexpected pop-up, especially if it claims to have detected malware on your computer.
  • Remember that most legitimate organizations will never ask for personal or account information through email.
  • Never respond to spam.
  • Never reveal personal or financial information in response to an email request.
  • Use common sense. If an offer sounds too good to be true, it probably is.
  • Confirm requests for information by contacting the sender by phone, using the number on an invoice or legitimate email.
  • Tell others who use your devices, including your children, about how to avoid malware.
  • If you suspect your device has malware, immediately disconnect from the Internet, and keep your device disconnected until the malware is removed.