Fake CAPTCHA Malware Campaign Expands, Targeting a Broader Audience

Posted on By John Neff 4 Comments on Fake CAPTCHA Malware Campaign Expands, Targeting a Broader Audience
Day
00
–:–
Post Activated
Scroll down to press Like

A new malware campaign leverages fake CAPTCHAs to spread malicious software, taking advantage of users’ instinct to quickly click through verification screens. Researchers at the Russian cybersecurity firm Kaspersky observed that this campaign primarily targets users through online ads, adult sites, file-sharing platforms, betting sites, anime websites, and traffic-monetizing web apps.

Initially, earlier versions of this malware campaign focused on gamers, distributing information-stealing malware on sites hosting cracked games. The recent expansion, observed from mid-September to October, reflects a broadened distribution network likely intended to reach a wider range of victims.

How the Fake CAPTCHA Attack Works

The malware, known as Lumma and Amadey, tricks users into clicking a seemingly normal CAPTCHA. However, instead of simple verification, clicking the “I’m not a robot” button copies malicious code to the user’s clipboard, while other verification steps initiate malware downloads.

  • Lumma Infostealer: Once installed, Lumma searches for cryptocurrency wallets and steals files, cookies, and browser-stored credentials. After data exfiltration, Lumma reportedly visits various online stores to drive views, functioning similarly to adware.
  • Amadey Botnet: Amadey, a botnet available since 2018, has joined the campaign as a new addition. It downloads modules to steal browser credentials, intercept cryptocurrency wallet addresses, and replace them with attacker-controlled addresses. Some versions can also take screenshots and download the Remcos remote access tool, giving attackers control over the victim’s device.

Global Impact and Evolving Threats

While it remains unclear which groups are behind this attack, affected users were primarily located in Brazil, Spain, Italy, and Russia. The addition of Amadey to this campaign suggests an escalation, as the botnet, marketed on Russian hacking forums for $500, broadens attackers’ capabilities.

Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com

Blogging, Cybersecurity, Cybersecurity Awareness, Data and Credential Theft, Emerging Cyber Threats, Malware Analysis, Online Threats and Scams, Uncategorized Tags:, , , , , , , , , , , , , , , , , , ,

Related Posts

Russian-Linked Malware Campaign Targets European Hospitality Sector Using Fake ‘Blue Screen of Death’ Attacks Blogging
FORMER FRESNO ARTS COUNCIL MANAGER PLEADS GUILTY IN $1.8 MILLION EMBEZZLEMENT CASE: FEDERAL CHARGE DETAILS MISUSE OF PUBLIC ARTS FUNDING AND INTERNAL FINANCIAL CONTROL FAILURES Blogging
Cybersecurity Report: September 3rd, 2024 Blogging
Embracing the Eclipse: A Call for Vigilance Astronomical Events
TRJ CYBERSECURITY — NORTH KOREAN LAZARUS OPERATORS DEPLOY MEDUSA RANSOMWARE IN CROSS-REGIONAL ATTACKS Blogging
Here’s your 30 Sec TikTok Read for the day: Blogging

Comments (4) on “Fake CAPTCHA Malware Campaign Expands, Targeting a Broader Audience”

Leave a Reply

Discover more from The Realist Juggernaut

Subscribe now to keep reading and get access to the full archive.

Continue reading