Alert, Cybercriminals Use Fake CAPTCHA To Steal User Data

CAPTCHA illustration (photo: Cloudflare)

JAKARTA - global cybersecurity firm Kaspersky discovered a new wave of malicious campaigns spread through web ads and aimed at Windows PC users.

During September - October 2024 alone, Kaspersky noted there were more than 140,000 meetings with malicious advertising and more than 20,000 users transferred to fake pages, with users from Brazil, Spain, Italy and Russia as the most targets.

In a new wave of attacks, Kaspersky researchers identified an attack scenario using CAPTCHA, a security feature used on websites and applications to verify whether the user is a human or a program or an automated bot.

In this attack method, Kaspersky explains that users will be directed to fake CAPTCHA pages after clicking on hidden ads that appear to be Chrome or CAPTCHA error pages.

When users follow instructions to "prove they are not robots" by clicking on fake CAPTCHA, they actually unknowingly activate PowerShell commands copied into their billboards. If they enter the code and press Enter, the order will download malware on their device.

The malware then searches for files related to crypto assets, cookies, and password manager data on victims' devices. The malware also visits web pages of various e-commerce platforms, increases the number of views, and gives attackers additional financial benefits.

Kaspersky found that the new wave of attacks not only targeted gamers, but also other groups, and distributed through file sharing services, web apps, bookmaker portals, adult content pages, anime communities, and other channels.

"Corporate users and individuals must be careful and think critically before following any suspicious orders they see online," said Vasily Kolesnikov, Security Expert at Kaspersky.