Avoiding Capture From Fake CAPTCHAs

Online criminals are spreading the Lumma Stealer malware through fake human verification pages disguised as Google's CAPTCHA system.

When users click on these fake verification buttons, they are instructed to paste a PowerShell script into their Run window, which then downloads and executes the malware.

This malware can steal sensitive data such as passwords, browser information, and cryptocurrency wallet details. Users are advised to be cautious and avoid interacting with suspicious verification pages.

The source provides a breakdown of the hack:

According to Cloudsek researchers, they [make] these schemes by creating fake human verification pages forcing the user to download malware. The whole process is very simple, yet effective: a user clicking on a link finds himself on a page, supposedly Google CAPTCHA, asking him to click on the "I am not a robot" button. From that point, an unsuspecting user starts a really dangerous chain reaction.

When the fake CAPTCHA is clicked, a PowerShell script is copied to the user's clipboard. On pasting and running this command, the hidden PowerShell window launches an encoded base64 script that obtains further instructions from a remote server. This downloads and executes Lumma Stealer malware, which, without an easy replacement process, connects to attacker-controlled domains.

https://www.techtimes.com/articles/307852/20241014/beware-windows-users-hackers-spread-lumma-stealer-malware-through-fake-human-verification-pages.htm (Oct. 14, 2024).
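The chain described above (a pasted command starting a hidden PowerShell window with a base64-encoded script) leaves a recognizable process-creation record. The following detection sketch is an added example, not code from the article or from the researchers it cites. It assumes events already parsed into dictionaries with Sysmon-style field names (Image, CommandLine, ParentImage); the sample events and the URL are constructed.

```python
import base64
import re

# PowerShell accepts unambiguous parameter prefixes (-w, -win, -e, -enc, ...).
HIDDEN = re.compile(r"(?i)\s[-/]w(?:i[a-z]*)?\s+(?:hidden|1)\b")
ENCODED = re.compile(r"(?i)\s[-/]e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{8,})")
URL = re.compile(r"(?i)https?://[^\s'\")]+")

def decode_encoded_command(blob):
    """-EncodedCommand is base64 over UTF-16LE text; return None if it is not."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def triage(event):
    """Return a finding for a hidden, encoded PowerShell launch, else None."""
    if not event["Image"].lower().endswith(("\\powershell.exe", "\\pwsh.exe")):
        return None
    cmd = event["CommandLine"]
    enc = ENCODED.search(cmd)
    if not (enc and HIDDEN.search(cmd)):
        return None
    decoded = decode_encoded_command(enc.group(1))
    return {
        # Commands typed into the Run window start as children of explorer.exe.
        "parent_is_explorer": event["ParentImage"].lower().endswith("\\explorer.exe"),
        "decoded": decoded,
        "urls": URL.findall(decoded or ""),
    }

def _encode(text):
    """Helper used only to build the constructed sample below."""
    return base64.b64encode(text.encode("utf-16-le")).decode()

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed events (not captured data); the URL is a placeholder.
SAMPLE_EVENTS = [
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -w hidden -enc "
                    + _encode("Invoke-WebRequest https://example.invalid/constructed")},
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev))
```

Commands entered in the Run window are also recorded per user under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, which gives responders a second place to confirm what was pasted.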

Commentary

CAPTCHA ("Completely Automated Public Turing Test to Tell Computers and Humans Apart") is a type of challenge-response test used to determine whether a user is human or some type of spam bot.

A common challenge presents images and asks you to select from the six images those that contain a particular object, like a car or stop sign. There are other variations of the popular security protocol. The challenge is easy for humans to solve (though not always, especially on a small screen) but difficult for bots.

Ironically, one of the purposes of CAPTCHA is to prevent phishing and other social engineering that is inherent in spam, but online criminals have now adapted and are exploiting a common security tool.

So, how do you avoid being captured by a fake CAPTCHA?

First, you understand (or should understand by now) how CAPTCHA works. CAPTCHA never asks that you download a file or run commands. So if a "CAPTCHA" security protocol asks you to take any additional steps, like running a command or downloading a file, you need to stop and not engage.

Other steps for avoiding malware include:

  • Respond quickly if you receive reports of spam coming from your account.
  • Install security software, including anti-virus and anti-spyware software, and pop-up blockers.
  • Maintain a firewall on all computers and devices.
  • Set your security software, Internet browser, and operating system to update automatically.
  • Back up your data regularly to prevent lost data if your computer becomes infected and crashes.
  • Set your browser's security setting to detect unauthorized downloads.
  • Do not select links or open any attachments in emails unless you are familiar with the link or attachment.
  • Only download and install software from trusted websites.
  • Avoid downloading free online software.
  • Never select any links in a pop-up window.
  • Never download software in response to an unexpected pop-up, especially if it claims to have detected malware on your computer.
  • Remember that most legitimate organizations will never ask for personal or account information through email.
  • Never respond to spam.
  • Never reveal personal or financial information in response to an email request.
  • Use common sense. If an offer sounds too good to be true, it probably is.
  • Confirm requests for information by contacting the sender by phone, using the number on an invoice or legitimate email.
  • Tell others who use your devices, including your children, about how to avoid malware.
  • If you suspect your device has malware, immediately disconnect from the Internet, and keep your device disconnected until the malware is removed.