{"id":23887,"date":"2025-01-16T10:30:00","date_gmt":"2025-01-16T09:30:00","guid":{"rendered":"https:\/\/www.defencetech.it\/?p=23887"},"modified":"2025-06-10T10:03:13","modified_gmt":"2025-06-10T08:03:13","slug":"malicious-captcha-malware-analysis-report","status":"publish","type":"post","link":"https:\/\/tinextadefence.it\/en\/malicious-captcha-malware-analysis-report\/","title":{"rendered":"Malicious captcha - Malware Analysis Report"},"content":{"rendered":"<p>Recent months have seen the widespread use of an emerging technique, which exploits <strong>captcha <\/strong>fraudulent to deceive users and induce them to perform actions that would lead to malware infections.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>Captcha, traditionally used to distinguish bots from humans, are being manipulated to convey malicious commands.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>When the user interacts with the compromised captcha, a command <strong>PowerShell<\/strong> malicious command is automatically copied to the clipboard. Immediately afterwards, a pop-up instructs the user to use the key combination to open the Windows 'Run' utility, paste the copied command and press 'Enter'. This sequence leads to the execution of a command that downloads and executes malware from a remote server.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>The distributed payload includes malware such as <strong>LummaC2<\/strong> and <strong>Rhadamanthys<\/strong>known for their advanced capabilities to steal information, such as login credentials or sensitive data. The malware is equipped with a callback mechanism that notifies the threat actor in the event of a successful infection, allowing it to obtain information of the infected user, such as IP address and location.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>This technique, which uses social engineering to manipulate users, has high potential in campaigns of <strong>phishing<\/strong> o <strong>malvertising<\/strong>given its ability to disguise itself behind an appearance that is legitimate and familiar to users.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>If you wish to learn more, here is the link to our <strong><a title=\"full report\" href=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Report-Malicious-captcha.pdf\">full report<\/a><\/strong>.<\/p>\r\n\r\n\r\n\r\n<p><span data-contrast=\"none\">In addition, you can subscribe to the specific mailing list <b>Cyber Studios by Tinexta Defence<\/b>, to receive updates on upcoming research: <\/span><a href=\"https:\/\/tinextadefence.it\/en\/cyber-studios-mailing-list\/\"><span data-contrast=\"none\">https:\/\/tinextadefence.it\/mailing-list-cyber-studios\/<\/span><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>The last few months have seen the widespread use of an emerging technique that exploits fraudulent captcha to trick users into performing actions that would lead to malware infections.  Captcha, traditionally used to distinguish bots from humans, are manipulated to convey malicious commands.  When the user interacts with the [...]<\/p>","protected":false},"author":2,"featured_media":26257,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[102],"tags":[110],"class_list":["post-23887","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tinextadefencebusiness","tag-articoli"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Malicious captcha - Malware Analysis Report - Tinexta Defence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tinextadefence.it\/en\/malicious-captcha-malware-analysis-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malicious captcha - Malware Analysis Report - Tinexta Defence\" \/>\n<meta property=\"og:description\" content=\"Negli ultimi mesi si \u00e8 vista una forte diffusione dell&#8217;utilizzo di una tecnica emergente, la quale sfrutta captcha fraudolenti per ingannare gli utenti e indurli a eseguire azioni che porterebbero ad infezioni di malware.\u00a0 I captcha, tradizionalmente utilizzati per distinguere bot da esseri umani, vengono manipolati per veicolare comandi malevoli.\u00a0 Quando l\u2019utente interagisce con il [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tinextadefence.it\/en\/malicious-captcha-malware-analysis-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Tinexta Defence\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-16T09:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-10T08:03:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"640\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Simone Sorte\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Simone Sorte\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/\"},\"author\":{\"name\":\"Simone Sorte\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941\"},\"headline\":\"Malicious captcha &#8211; Malware Analysis Report\",\"datePublished\":\"2025-01-16T09:30:00+00:00\",\"dateModified\":\"2025-06-10T08:03:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/\"},\"wordCount\":247,\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"keywords\":[\"Articoli\"],\"articleSection\":[\"#TDefenceBusiness\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/\",\"url\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/\",\"name\":\"Malicious captcha - Malware Analysis Report - Tinexta Defence\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"datePublished\":\"2025-01-16T09:30:00+00:00\",\"dateModified\":\"2025-06-10T08:03:13+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#primaryimage\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"width\":1200,\"height\":640,\"caption\":\"Immagine in evidenza astratta per gli articoli di Tinexta Defence\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tinextadefence.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malicious captcha &#8211; Malware Analysis Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tinextadefence.it\/#website\",\"url\":\"https:\/\/tinextadefence.it\/\",\"name\":\"Tinexta Defence\",\"description\":\"think next, protect now\",\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tinextadefence.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tinextadefence.it\/#organization\",\"name\":\"Tinexta Defence\",\"url\":\"https:\/\/tinextadefence.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"width\":2000,\"height\":990,\"caption\":\"Tinexta Defence\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941\",\"name\":\"Simone Sorte\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g\",\"caption\":\"Simone Sorte\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Malicious captcha - Malware Analysis Report - Tinexta Defence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tinextadefence.it\/en\/malicious-captcha-malware-analysis-report\/","og_locale":"en_GB","og_type":"article","og_title":"Malicious captcha - Malware Analysis Report - Tinexta Defence","og_description":"Negli ultimi mesi si \u00e8 vista una forte diffusione dell&#8217;utilizzo di una tecnica emergente, la quale sfrutta captcha fraudolenti per ingannare gli utenti e indurli a eseguire azioni che porterebbero ad infezioni di malware.\u00a0 I captcha, tradizionalmente utilizzati per distinguere bot da esseri umani, vengono manipolati per veicolare comandi malevoli.\u00a0 Quando l\u2019utente interagisce con il [&hellip;]","og_url":"https:\/\/tinextadefence.it\/en\/malicious-captcha-malware-analysis-report\/","og_site_name":"Tinexta Defence","article_published_time":"2025-01-16T09:30:00+00:00","article_modified_time":"2025-06-10T08:03:13+00:00","og_image":[{"width":1200,"height":640,"url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","type":"image\/jpeg"}],"author":"Simone Sorte","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Simone Sorte","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#article","isPartOf":{"@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/"},"author":{"name":"Simone Sorte","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941"},"headline":"Malicious captcha &#8211; Malware Analysis Report","datePublished":"2025-01-16T09:30:00+00:00","dateModified":"2025-06-10T08:03:13+00:00","mainEntityOfPage":{"@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/"},"wordCount":247,"publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"image":{"@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","keywords":["Articoli"],"articleSection":["#TDefenceBusiness"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/","url":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/","name":"Malicious captcha - Malware Analysis Report - Tinexta Defence","isPartOf":{"@id":"https:\/\/tinextadefence.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#primaryimage"},"image":{"@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","datePublished":"2025-01-16T09:30:00+00:00","dateModified":"2025-06-10T08:03:13+00:00","breadcrumb":{"@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#primaryimage","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","width":1200,"height":640,"caption":"Immagine in evidenza astratta per gli articoli di Tinexta Defence"},{"@type":"BreadcrumbList","@id":"https:\/\/tinextadefence.it\/malicious-captcha-malware-analysis-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tinextadefence.it\/"},{"@type":"ListItem","position":2,"name":"Malicious captcha &#8211; Malware Analysis Report"}]},{"@type":"WebSite","@id":"https:\/\/tinextadefence.it\/#website","url":"https:\/\/tinextadefence.it\/","name":"Tinexta Defence","description":"think next, protect now","publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tinextadefence.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/tinextadefence.it\/#organization","name":"Tinexta Defence","url":"https:\/\/tinextadefence.it\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","width":2000,"height":990,"caption":"Tinexta Defence"},"image":{"@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941","name":"Simone Sorte","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g","caption":"Simone Sorte"}}]}},"_links":{"self":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/23887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/comments?post=23887"}],"version-history":[{"count":0,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/23887\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media\/26257"}],"wp:attachment":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media?parent=23887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/categories?post=23887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/tags?post=23887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}