Sneaky malware abuses CAPTCHA to bypass browser protections

Don’t follow CAPTCHA blindly, security researchers warn


Cybersecurity experts have shared details about a novel malware campaign that bypasses browser warnings by tricking users into complying with a fake CAPTCHA challenge.

The security researchers known as the MalwareHunterTeam provided BleepingComputer with a suspicious-looking URL, which takes victims to a webpage that includes an embedded YouTube video.

As soon as the victims hit the Play button, the webpage downloads an executable named console-play.exe, which it camouflages behind a fake CAPTCHA challenge.


Decoding the trickery, BleepingComputer reveals that the fake CAPTCHA gets the victims to press the right keys to overrule the browser’s suspicions about the executable file, enabling the malicious file to download the malware onto the computer.

Captcha trickery


Since the file that the Play button asks the browser to download is an executable, virtually all modern web browsers will display a prompt asking the users to confirm the action.

To bypass this warning, the scam brings up the fake CAPTCHA challenge, which prompts the user to enter a series of keys. Embedded within the list of keys to be pressed are the Tab key and the Enter key.

The Tab key will change the focus of the browser’s prompt to ignore the warning, and the Enter key will confirm the choice and download the file.
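The Tab-then-Enter pattern described above can be checked for in page text. The following heuristic is an added example, not code from this article or from BleepingComputer; the function names and the sample page texts are assumptions constructed for illustration.

```javascript
// Wording that presents the page as a human-verification step.
const CAPTCHA_HINT = /captcha|not a robot|verify (that )?you are human/i;
// A "press ..." instruction, captured up to the end of its sentence or line.
const PRESS_INSTRUCTION = /\b(?:press|hit|tap)\b([^.!?\n]*)/gi;
// Named keys, plus single characters used as filler keys.
const KEY_NAME = /\b(tab|enter|return|[a-z0-9])\b/gi;

// Return, in order, the keys the page text tells the visitor to press.
function instructedKeys(text) {
  const keys = [];
  for (const instruction of text.matchAll(PRESS_INSTRUCTION)) {
    for (const key of instruction[1].matchAll(KEY_NAME)) {
      keys.push(key[1].toLowerCase());
    }
  }
  return keys;
}

// Flag text that both claims to be a CAPTCHA and asks for Tab followed
// later by Enter: a focus change, then a confirmation.
function assessPage(text) {
  const keys = instructedKeys(text);
  const tabAt = keys.indexOf("tab");
  const confirmAt = keys.findIndex(
    (k, i) => i > tabAt && (k === "enter" || k === "return")
  );
  const looksLikeCaptcha = CAPTCHA_HINT.test(text);
  const focusThenConfirm = tabAt !== -1 && confirmAt !== -1;
  return {
    keys,
    looksLikeCaptcha,
    focusThenConfirm,
    suspicious: looksLikeCaptcha && focusThenConfirm,
  };
}

// Constructed sample texts (not captured from the real campaign).
const SAMPLE_LURE =
  "Confirm you are not a robot.\nPress the following keys in order: B, S, Tab, A, F, Enter";
const SAMPLE_REAL_CAPTCHA =
  "Please complete the CAPTCHA: type the characters shown in the image, then press Enter.";
const SAMPLE_KEYBOARD_HELP =
  "Press Tab to move between fields and Enter to submit the form";

for (const sample of [SAMPLE_LURE, SAMPLE_REAL_CAPTCHA, SAMPLE_KEYBOARD_HELP]) {
  console.log(assessPage(sample));
}
```

Neither signal is enough alone: ordinary keyboard help mentions Tab and Enter, and genuine CAPTCHAs mention Enter, so the check requires both the CAPTCHA wording and the focus-then-confirm order.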


Once the malicious executable is on your computer, it will jump through hoops before downloading the Gozi/Ursnif banking trojan, which will then get to its nefarious purposes and steal account credentials and further infect the computer by pulling in more malware.

Notably, this is the second scam in as many weeks that has capitalized on internet users’ trust in CAPTCHA challenges to manipulate victims.

Via BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
