1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Fake CAPTCHA pages used to spread infostealer malware

    From TechnologyDaily@1337:1/100 to All on Tuesday, December 17, 2024 21:15:04
    Fake CAPTCHA pages used to spread infostealer malware

    Date:
    Tue, 17 Dec 2024 21:09:00 +0000

    Description:
    BeMob and Monetag are being spread by campaign called DeceptionAds.

    FULL STORY ======================================================================Security
    researchers spot campaign to distribute Lumma Stealer malware A fake CAPTCHA page comes with a JavaScript that copies malicious code into the clipboard To "solve" the fake CAPTCHA, users are told to paste the code in CMD and run it

    Fake CAPTCHA pages are being used to trick victims into downloading and running the Lumma infostealer malware .

    Security researchers at Guardio Labs recently discovered a major malicious operation, targeting millions of people, called DeceptionAds.

    The campaign abuses two legitimate services, the Monetag ad network and
    BeMob, a cloud-based performance tracking platform. It starts with fake ads, promoting things that appeal to the host sites audience, such as fake offers, downloads, or different services - with pirate streaming and software platforms apparently among the most common themes. Vane Viper

    When the victim clicks on the ad, they are redirected to a fake CAPTCHA page through the BeMob cloaking service. This makes moderation difficult, since BeMob is a legitimate service, and as such, is not being removed from the Monetag ad network by default.

    "By supplying a benign BeMob URL to Monetag's ad management system instead of the direct fake captcha page, the attackers leveraged BeMob's reputation, complicating Monetag's content moderation efforts," Nati Tal, head of Guardio Labs, said in a writeup.

    The CAPTCHA page comes with a piece of JavaScript code that copies a
    malicious PowerShell one-line command into the clipboard. However, the victim still needs to paste that code into the CMD and run it, which is where the CAPTCHA solution comes in. To solve the CAPTCHA, users are required to bring up the Windows Run dialog, press CTRL+V (paste), and hit enter.

    This runs the command that downloads and executes Lumma Stealer. The group behind the attack is called Vane Viper.

    Lumma is a popular infostealer in the underground community. It is capable of stealing a wide range of sensitive information , including cryptocurrency wallets, browser data, email credentials, financial information, FTP client data, and system information.

    When Monetag and BeMob were notified of the campaign, both companies stepped in to address the issue. Monetag removed 200 accounts, while BeMob terminated the campaign in four days.

    Via BleepingComputer You might also like Sneaky malware abuses CAPTCHA to bypass browser protections Here's a list of the best antivirus These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fake-captcha-pages-used-to-spread-infos tealer-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)