captcha

Novel Fake CAPTCHA Chain Delivering Amatera Stealer

Extreme TLDR: Blackpoint SOC reports a Fake CAPTCHA campaign delivering Amatera Stealer via a signed Microsoft script, leveraging legitimate Windows components to evade detection. Key tactics include user behavior validation, live configuration from Google Calendar, and PNG steganography for payload delivery. The attack chain is designed to progress only when specific conditions are met, making it hard for detection systems to identify.

Key Findings:
– Uses Fake CAPTCHA and a LO-LBIN script.
– Validates user interactions and clipboard contents.
– Pulls configurations from a Google Calendar.
– Utilizes PNG images for encrypted payload delivery.
– Executes final payload—Amatera Stealer—using complex, layered encryption and evasive networking techniques.

Recommendations: Restrict access to the Run dialog, remove unnecessary App-V components, educate users about lures, enable PowerShell logging, and monitor for suspicious execution patterns.

https://blackpointcyber.com/blog/novel-fake-captcha-chain-delivering-amatera-stealer/

DeepSeek Lure Used To Spread Malware

DeepSeek malware campaign exploits the popularity of the DeepSeek AI chatbot, using look-alike domains to mislead users into executing malware. This includes techniques such as clipboard injection via a fake CAPTCHA page, leading to the installation of the Vidar information stealer. Key concerns raised include the increased risk of data theft and the need for organizations to enforce security measures around generative AI tools.

https://www.zscaler.com/blogs/security-research/deepseek-lure-using-captchas-spread-malware

reCAPTCHA: 819 Million Hours of Wasted Human Time and Billions of Dollars in Google Profits

Google's reCAPTCHA, originally designed to distinguish humans from bots and digitize text, has become a data collection and tracking tool, generating substantial revenue. By 2025, it primarily monitors users' online behavior rather than providing effective bot protection. Research indicates it has wasted 819 million hours of human time, costing society $6.1 billion, while enabling Google to profit from user data. Users cannot avoid reCAPTCHA if they want to access the Internet.

https://boingboing.net/2025/02/07/recaptcha-819-million-hours-of-wasted-human-time-and-billions-of-dollars-google-profit.html

Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection

Lumma Stealer uses fake CAPTCHAs for malware delivery in a global campaign targeting various sectors, particularly telecom. Attackers use social engineering to trick victims into executing commands outside the browser, evading security measures, leveraging techniques like process hollowing and PowerShell obfuscation to bypass defenses. The malware evolves continuously, making detection and prevention challenging, and Netskope provides proactive threat detection against this campaign.

https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection

Scroll to Top