Experts show how to distinguish between real and fake CAPTCHA online security tools

Cát Tiên (T/H)

Experts warn that fake CAPTCHA scams are spreading; just one click can infect a device with data-stealing software.

Understanding CAPTCHA

Cybersecurity experts are warning about a new trick used by cybercriminals: the fake CAPTCHA. It imitates the familiar "I'm not a robot" test but is designed to infect users' devices with malware, according to indianexpress.

CAPTCHA is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart", that is, a fully automated public Turing test to distinguish computers from humans.

This tool often appears as an image selection task, distorted text to type in, an audio challenge, or simply a checkbox to tick (reCAPTCHA) to confirm you are human, not a bot.

However, according to Zakir Hussain Rangwala, CEO of BD Software Distribution Pvt Ltd (sponsoring cybersecurity solutions), cybercriminals have taken advantage of users' complacent habits to distribute malware through fake CAPTCHAs.

These checks often appear on hacked websites, in malicious advertisements and scam emails, or on fake domains imitating reputable sites.

Sophisticated attack methods

A report by CloudSEK's Threat Research and Information Analysis Agency (TRIAD) shows that an attack campaign is using fake CAPTCHAs to distribute Lumma Stealer, malware that specializes in stealing data on Windows.

The attackers created fake Google CAPTCHA pages, hosted them on multiple servers, and took advantage of content distribution networks (CDNs) to appear more legitimate.

On visiting such a page, users are instructed to open the Run dialog (Win+R), paste a base64-encoded PowerShell command, and press Enter. This command downloads Lumma Stealer from the attacker's server to the victim's machine.

According to researcher Anshuman Das (CloudSEK), clicking on a fake CAPTCHA is not immediately harmful, but following the instructions that come next, such as downloading a file or pasting a new command, is a serious risk factor.
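For defenders reviewing process-creation logs, the pasted command described above can be recognized and decoded for triage. This is an added example, not code from the CloudSEK report or this article; the sample command lines, the token list and the function names are constructed for illustration.

```python
import base64
import binascii
import re

# PowerShell accepts -EncodedCommand, its prefixes (-e, -enc, ...) and -ec.
FLAG_ARG = re.compile(r"[-/](\w+)\s+([A-Za-z0-9+/]{8,}={0,2})")
# Assumed token list: signs of a download or in-memory execution in the script.
SUSPICIOUS = ("invoke-webrequest", "downloadstring", "downloadfile",
              "start-bitstransfer", "invoke-expression", "iex", "http")


def decode_encoded_command(cmdline):
    """Return the decoded script of a PowerShell -EncodedCommand, else None."""
    lowered = cmdline.lower()
    if "powershell" not in lowered and "pwsh" not in lowered:
        return None
    for flag, blob in FLAG_ARG.findall(cmdline):
        flag = flag.lower()
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue
        try:
            # The argument is base64 over UTF-16LE text.
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            continue
    return None


def triage(cmdline):
    """Classify one command line: (verdict, decoded script or None)."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return "no-encoded-command", None
    hits = [tok for tok in SUSPICIOUS if tok in script.lower()]
    return ("suspicious" if hits else "encoded-review"), script


def encode_sample(script):
    """Build constructed sample data only."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample command lines (not taken from the report).
SAMPLES = [
    "powershell.exe -w hidden -enc "
    + encode_sample("Invoke-WebRequest https://example.invalid/sample"),
    "powershell.exe -NoProfile -EncodedCommand " + encode_sample("Get-Date"),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
]
```

Calling `triage()` on each entry of `SAMPLES` yields a verdict and the decoded script, so an analyst reads the plain text of the command rather than the base64 blob.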

How to distinguish real and fake CAPTCHA

Expert Deependra Singh (Betul Police, MP) pointed out:

Real CAPTCHAs appear on reputable websites and require only simple operations such as selecting an image or typing.

Fake CAPTCHAs often require unusual actions such as allowing notifications, downloading files, or entering personal or financial information.

In addition, users should check the URL for spelling errors, strange characters or suspicious domain names. A CAPTCHA that appears as an independent pop-up instead of being integrated into the website is also a warning sign.

What to do immediately if you suspect you have encountered a fake CAPTCHA:

- Leave the website immediately.

- Disconnect from the internet.

- Run a comprehensive virus scan.

- Clear the cache and cookies, and remove unfamiliar browser extensions.

- Change the passwords of important accounts.

- Delete all files that have just been downloaded but not yet opened.

Mr. Zakir Hussain Rangwala warned that sectors such as e-commerce and online games are likely to become targets of fake CAPTCHA because they involve a lot of sensitive data.

Users should not click on links of unknown origin and should always check the URL, because one wrong click can cost both money and privacy.
