Think twice before you click: this captcha might steal your money


Windows users risk losing funds from crypto wallets, along with other personal data, to a new form of attack involving captcha verification.

Malicious actors have found a new way to trick users into infecting their systems: by using fraudulent “human verification” pages that mimic legitimate websites.

In a report, infosec specialist Tonmoy Jitu explains that users are being tricked into executing a malicious PowerShell script. Once a device is infected, cybercriminals can steal sensitive information, including passwords, session tokens, cryptocurrency wallets, and other personal data from the compromised machine.


Don’t copy/paste this

Everyone is familiar with captcha verification, a tool used to distinguish between human users and bots. Sometimes, it requires solving a simple math problem, while other times, it asks you to select specific images.

In the latest scam, users are asked to copy and paste a PowerShell script into their system’s Run window. By convincing victims to run this script, attackers gain control over the victim’s machine to download and execute the Lumma Stealer malware.
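For defenders, a command entered through the Run window is recorded in that user's registry hive under the RunMRU key. The PowerShell script below is an added example, not part of the report: it reads that history and flags entries that match heuristic patterns. The pattern list, the function names and the two sample entries are assumptions constructed for illustration.

```powershell
# Added example: triage Run-dialog history for pasted script-host commands.
# Windows stores Win+R entries per user under this key, in values named a, b, c...
$RunMruKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Heuristic patterns (an assumed starting list, tune for your environment).
$Patterns = @(
    '\b(powershell|pwsh|mshta|wscript|cscript)(\.exe)?\b',   # script hosts
    '\bcmd(\.exe)?\s+/c\b',                                  # one-shot cmd
    '\s-e(nc\w*)?\s',                                        # -EncodedCommand forms
    '\s-w\w*\s+h',                                           # -WindowStyle Hidden forms
    '\b(iex|invoke-expression|iwr|invoke-webrequest|downloadstring)\b',
    'https?://'                                              # URL in a Run entry
)

function Get-RunEntryHits {
    param([string]$Command)
    # Return every pattern the command matches (-match is case-insensitive).
    @($Patterns | Where-Object { $Command -match $_ })
}

function Get-SuspiciousRunEntries {
    param([hashtable]$Entries)
    foreach ($slot in $Entries.Keys) {
        # Stored values carry a trailing "\1"; strip it before matching.
        $cmd  = $Entries[$slot] -replace '\\1$', ''
        $hits = @(Get-RunEntryHits -Command $cmd)
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ Slot = $slot; Command = $cmd; Hits = $hits -join ', ' }
        }
    }
}

# Constructed sample entries so the script shows output on any machine.
$entries = @{
    'sample-1' = 'notepad\1'
    'sample-2' = 'powershell -w hidden -enc <BASE64-PLACEHOLDER>\1'
}

# Merge in the live history when the key exists (Windows, current user).
if (Test-Path $RunMruKey) {
    (Get-ItemProperty -Path $RunMruKey).PSObject.Properties |
        Where-Object { $_.Name -match '^[a-z]$' } |          # skips MRUList and PS* metadata
        ForEach-Object { $entries[$_.Name] = [string]$_.Value }
}

Get-SuspiciousRunEntries -Entries $entries | Format-List
```

Run it in the affected user's session, because HKCU is per user. An entry that only names a script host can be a legitimate admin habit, so weigh the combination of hits.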

Lumma malware has been operating as malware-as-a-service since at least August 2022. It steals data from browsers, including credentials, cookies, autofill, and browser extension data.

[Image: Lumma Stealer captcha. Source: Denwp Research]

Some of the fake captcha websites include:

