TZUTC: -0500   
   MSGID: 531.consprcy@1:2320/105 2c400f74   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Fake CAPTCHAs are being used to spread malware - and we only have ourselves    
   to blame   
      
   Date:   
   Tue, 18 Mar 2025 21:02:00 +0000   
      
   Description:   
   HP research highlights rise in the abuse of verification tests.   
      
   FULL STORY   
      
   New research has claimed victims are increasingly infecting themselves with   
   malware thanks to a surge in fake CAPTCHA verification tests - taking   
   advantage of a growing click tolerance as users are increasingly accustomed    
   to jumping through hoops to authenticate themselves online.    
      
   This isnt the first report to flag this attack, with security researchers   
   identifying fake CAPTCHA pages spreading infostealer malware in late 2024,    
   but HPs latest Threat Insights Report now warns this is on the rise.    
      
   Users were commonly directed to attacker-controlled websites, and then pushed   
   to complete convincing but fake authentication challenges.   
      
   More campaigns identified   
      
   These false CAPTCHAs usually trick users into running malicious PowerShell   
   commands on their device that install a Lumma Stealer remote access trojan -    
   a popular infostealer capable of exfiltrating a wide range of sensitive   
   information, like browser details, email credentials, client data, and even   
   cryptocurrency wallets.    
      
   Fake CAPTCHA spreading wasnt the only threat uncovered, with attackers also   
   able to access end-users webcams and microphones in concerning attacks spread   
   via social engineering attacks, primarily using open source RAT and XenoRat    
   to control devices, exfiltrate data, and log keystrokes.    
      
   Alongside this, attackers were observed delivering malicious JavaScript code   
   inside Scalable Vector Graphic (SVG) images to evade detection. These images   
   are opened by default in browsers, and the embedded code is executed,    
   offering redundancy and monetization opportunities for the attacker thanks to   
   the remote access tools.    
      
   "A common thread across these campaigns is the use of obfuscation and   
   anti-analysis techniques to slow down investigations," said Patrick Schlpfer,   
   Principal Threat Researcher in the HP Security Lab.    
      
   Even simple but effective defence evasion techniques can delay the detection   
   and response of security operations teams, making it harder to contain an   
   intrusion. By using methods like direct system calls, attackers make it   
   tougher for security tools to catch malicious activity, giving them more time   
   to operate undetected  and compromise victims endpoints."   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/fake-captchas-are-used-to-spread-malwar   
   e-hp-warns   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426