Introduction: The Rise of CAPTCHA-Based Attacks
Cyber threats grow more advanced every day. In a recent example, attackers are using fake CAPTCHA tests—a common tool to distinguish humans from bots—to distribute malware. By tricking users into clicking familiar buttons, cybercriminals spread malicious code. This article will explain how this attack works, who it targets, and the potential damage it can cause.
How Does the Fake CAPTCHA Attack Work?
Attackers rely on user habits. People often click the “I’m not a robot” button without a second thought, and that reflex is what the attackers exploit. In this campaign, clicking the button copies malicious code directly to the user’s clipboard. The additional “verification” steps that follow seem normal but actually execute this code, infecting the device.
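One way a defender could triage saved page source for the behaviour described above: a CAPTCHA-style prompt on a page whose script writes to the clipboard. This is an added example, not code from Kaspersky or the original article; the patterns, function names and sample pages are assumptions constructed for illustration.

```javascript
// Added example: static triage for a CAPTCHA prompt that writes to the clipboard.
// Patterns, function names and sample pages are constructed for illustration.

// Script APIs that place text on the clipboard.
const CLIPBOARD_WRITES = [
  /navigator\.clipboard\.write(?:Text)?\s*\(/,
  /document\.execCommand\s*\(\s*['"]copy['"]/,
];

// Wording typical of a CAPTCHA prompt (assumed list; extend for other locales).
const CAPTCHA_LURES = [
  /i['’]?m not a robot/i,
  /verify (?:that )?you(?: are|['’]re) (?:a )?human/i,
];

// Inline <script> bodies plus on* attribute handlers. External scripts are
// not fetched, so a clean result here is not proof the page is safe.
function extractScript(html) {
  const parts = [];
  for (const m of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) parts.push(m[1]);
  for (const m of html.matchAll(/\son\w+\s*=\s*(?:"([^"]*)"|'([^']*)')/gi)) parts.push(m[1] ?? m[2]);
  return parts.join("\n");
}

// Text a user would read: drop script blocks, then all remaining tags.
function visibleText(html) {
  return html.replace(/<script\b[\s\S]*?<\/script>/gi, " ").replace(/<[^>]+>/g, " ");
}

// A genuine CAPTCHA has no reason to touch the clipboard, so the two
// signals together are worth an analyst's attention; either alone is not.
function triagePage(html) {
  const script = extractScript(html);
  const text = visibleText(html);
  const clipboardWrite = CLIPBOARD_WRITES.some((re) => re.test(script));
  const captchaLure = CAPTCHA_LURES.some((re) => re.test(text));
  return { clipboardWrite, captchaLure, suspicious: clipboardWrite && captchaLure };
}

// Constructed sample pages; the clipboard string is an inert placeholder.
const FAKE_CAPTCHA = `<button onclick="check()">I'm not a robot</button>
<script>function check(){ navigator.clipboard.writeText("PLACEHOLDER"); }</script>`;
const COPY_BUTTON = `<pre id="c">npm test</pre>
<button onclick="navigator.clipboard.writeText(c.innerText)">Copy</button>`;
const PLAIN_CAPTCHA = `<label><input type="checkbox"> I'm not a robot</label>`;

for (const [name, page] of Object.entries({ FAKE_CAPTCHA, COPY_BUTTON, PLAIN_CAPTCHA })) {
  console.log(name, triagePage(page));
}
```

Only the first sample is flagged: the copy button writes to the clipboard without a CAPTCHA prompt, and the plain checkbox shows the prompt without touching the clipboard.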
Targeted Platforms and Affected Users
According to Kaspersky researchers, these attacks spread through online ads, adult sites, file-sharing platforms, betting websites, anime sites, and apps that monetize traffic. This campaign, observed from mid-September to October, casts a wider net, reaching beyond previous targets like gamers.
The Malware Behind the Attacks: Lumma and Amadey
Two main types of malware power this attack: Lumma and Amadey.
– Lumma: This malware, available since 2022, steals data from infected devices. It:
  – Scans for and steals cryptocurrency wallet files.
  – Extracts browser-stored cookies and credentials.
  – Transmits data to command servers, allowing attackers to use it maliciously.
Lumma also mimics adware, visiting online stores to generate revenue for attackers by increasing page views.
– Amadey: This botnet has been active since 2018 and is available for around $500 on hacker forums. It:
  – Installs modules that steal browser credentials.
  – Detects cryptocurrency addresses copied to the clipboard and replaces them with attacker-controlled addresses.
  – Can take screenshots and download the Remcos remote access tool, giving attackers full control over devices.
Impacted Regions and High-Risk Countries
Kaspersky’s report shows these attacks most often affect users in Brazil, Spain, Italy, and Russia. The success of this attack lies in its simplicity—users are used to CAPTCHAs, making them more likely to interact without caution.
Conclusion: Staying Protected Against CAPTCHA Malware
While the full impact of these attacks remains uncertain, user awareness is crucial. Users should stay cautious when interacting with verification tools online. Updated antivirus software and regular security updates help reduce the chance of infection.
Source: https://therecord.media/fake-captcha-malware-campaign-lumma-amadey