Cyber security professionals are warning about a new cyber-attack vector: Lumma Stealer malware that uses fake CAPTCHA tests to spread malware on Windows devices. Users are advised to maintain caution when filling out a CAPTCHA challenge.
“We have identified more active malicious sites spreading the Lumma Stealer. It’s important to note that while this technique is currently being used to distribute Lumma Stealer, it could potentially be leveraged to deliver any type of malicious malware to unsuspecting users,” say experts from Cloud SEK.
How does CAPTCHA work?
A CAPTCHA traditionally works as a security checkpoint, making sure that online activities are started by humans and not automated bots. However, hackers are misusing the CAPTCHA for malicious gains, creating a fake CAPTCHA challenge. When a user completes it, the CAPTCHA deploys a series of malicious commands.
The fake CAPTCHA tests ask request users to press a sequence that many users think is harmless. But, doing so starts the download and activation of a Power Shell script that installs the Lumma Stealer malware.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents