While CAPTCHA tests may seem unremarkable to some, a new security alert warns of hackers exploiting them for gains. Therefore, if you don’t pay attention to them, it might be a good idea to start now.
Inattention to safety guardrails can cause users to click on something that might prove expensive in the long run. This is what hackers are trying to exploit and that’s why security experts are issuing warnings.
In the past couple of weeks, there have been growing discussions about hackers rolling out fake CAPTCHA tests that install malware through a Windows computer. This is the case when instructions are not followed carefully.
Such tests are designed to remove bots by forcing visitors to enter websites that prove they’re not humans. To do that, these tests can ask users to click on the correct objects such as images or certain terms.
The malicious attempts take on a similar approach where users are asked to enter certain commands through the keyboard. These instructions might appear benign and seem simple but the reality is that Windows users install such malware. This can end up eating your passwords, sensitive data, and cookies too, not to mention crypto wallet details.
This particular CAPTCHA test will ask users to click on Windows and the R key that triggers the opening up of the PC to run dialogs. It launches programs this way. Soon after that, it asks users to click on the CTRL + V command and then enter.
When users do this instantly, it might not be quick to understand that they gave out a command that helps malware enter the system. Moreover, this alert was first raised by security experts last month who found hackers lurking around.
They are now triggering us to copy scripts after visiting a harmful website that hosts these fake tests. After inspecting sources, experts were able to retrieve JavaScript snippets. After the code for verification is pressed, codes get copied automatically on a clipboard. Then, the fake tests show up as spotted by one leading security researcher.
He says the attack is occurring on a routine basis and therefore needs to be brought to users' attention before it is too late. Such dangerous tests continue to be circulated to targets who send them by generating phishing emails or texts related to this. Hence, any usual demand for a CAPTCHA test should never be entertained.
Image: Mohamed Aruham #boleh / X
Read next: Meta’s Head For Global Affairs Says Parents Are Not Using Child Safety Tools To Keep Checks On Kids Online
Inattention to safety guardrails can cause users to click on something that might prove expensive in the long run. This is what hackers are trying to exploit and that’s why security experts are issuing warnings.
In the past couple of weeks, there have been growing discussions about hackers rolling out fake CAPTCHA tests that install malware through a Windows computer. This is the case when instructions are not followed carefully.
Such tests are designed to remove bots by forcing visitors to enter websites that prove they’re not humans. To do that, these tests can ask users to click on the correct objects such as images or certain terms.
The malicious attempts take on a similar approach where users are asked to enter certain commands through the keyboard. These instructions might appear benign and seem simple but the reality is that Windows users install such malware. This can end up eating your passwords, sensitive data, and cookies too, not to mention crypto wallet details.
This particular CAPTCHA test will ask users to click on Windows and the R key that triggers the opening up of the PC to run dialogs. It launches programs this way. Soon after that, it asks users to click on the CTRL + V command and then enter.
Actually yes, we saw a case of that same lure earlier this week. :) Cutesy copy-pasta, I am trying to weight if it is worth a video or not 😅 pic.twitter.com/CKm73xeqMK
— John Hammond (@_JohnHammond) September 12, 2024
When users do this instantly, it might not be quick to understand that they gave out a command that helps malware enter the system. Moreover, this alert was first raised by security experts last month who found hackers lurking around.
They are now triggering us to copy scripts after visiting a harmful website that hosts these fake tests. After inspecting sources, experts were able to retrieve JavaScript snippets. After the code for verification is pressed, codes get copied automatically on a clipboard. Then, the fake tests show up as spotted by one leading security researcher.
He says the attack is occurring on a routine basis and therefore needs to be brought to users' attention before it is too late. Such dangerous tests continue to be circulated to targets who send them by generating phishing emails or texts related to this. Hence, any usual demand for a CAPTCHA test should never be entertained.
Read next: Meta’s Head For Global Affairs Says Parents Are Not Using Child Safety Tools To Keep Checks On Kids Online
