As we approach the weekend, a new warning has been issued that a “global attack” is now targeting Windows users in multiple nations worldwide. The campaign is surprisingly basic, but it highlights the risk for the hundreds of millions of Windows 10 customers who will be without security upgrades in a year.
Palo Alto Networks’ Unit 42 warned about the risks of fake new CAPTCHAs last month. Although it didn’t receive much attention at the time, researcher John Hammond’s video on X helped spread the word. McAfee researchers have recently released a fresh alert regarding these fraudulent CAPTCHA popups that are currently circulating.
These assaults should be easy to detect—but they’re designed to be casually effective. The fake challenges are designed to distribute Lumma Stealer.
“These pages have a button that, when clicked, shows instructions for victims to paste PowerShell script into a Run window. This copy/paste PowerShell script retrieves and runs a Windows EXE for Lumma Stealer malware. The associated Lumma Stealer EXE files retrieve and use zip archives that don’t appear to be inherently malicious on their own,” researchers explained.
In its latest research, McAfee cautions that the ClickFix infection chain operates by tricking people into clicking on buttons like Verify you are a human’ or ‘I am not
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: