When you visit a web page, you may see a CAPTCHA to verify that you are genuine and not a bot. These usually include a jumble of words, a few recognizable images, or just a box that says “I’m not a robot.”
CAPTCHAs are harmless, but hackers use them to infect your PC with malware.
Security researchers have discovered a large-scale fake CAPTCHA campaign spreading dangerous Lumma information-stealing malware that can bypass security measures such as Safe Browsing.
This campaign shows how malvertising works, with over 1 million ad impressions every day and thousands of victims losing their accounts and money across a network of over 3,000 sites. Learn more about how this scam works, who’s responsible, and how to protect yourself.
Get security alerts, tips from experts – Sign up for Cart Newsletter – Cyber Guy Report here
Illustration of a scammer (Kurt “Cyber Guy” Knutson)
How does fraud work?
As reported Written by Guardio, Fake CAPTCHA scams are sophisticated malvertising campaigns that trick you into unknowingly installing malware under the guise of regular CAPTCHA verification. Cyber-attacks begin when you are browsing a website, often one that offers free streaming, downloads, or pirated content. These sites are used by hackers to display what looks like a legitimate CAPTCHA verification page.
What is artificial intelligence (AI)?
This page mimics a real CAPTCHA and asks you to confirm that you are a human. However, this step is designed to initiate harmful actions, such as triggering the Windows Run dialog. Users unknowingly paste and execute crafted PowerShell commands to silently install Lumma information stealing malware on their systems.
This malware targets sensitive data such as social media accounts, banking credentials, saved passwords, and personal files, which can lead to financial and identity theft.
Fake CAPTCHA illustration (Guardio)
Here’s what ruthless hackers stole from 110 million AT&T customers
Who is responsible for this?
Fake CAPTCHA scams show how the internet’s advertising system has become so confusing that everyone involved benefits. Guardio Labs points out that ad networks like Monetag are a big part of the problem. They use techniques such as cloaking to distribute disguised malicious ads during moderation. Publishers, especially those offering free or pirated content, make the problem even worse by running these questionable ads on their sites without verifying what they are actually showing users. .
Additionally, there are services like BeMob that allow scammers to hide non-malicious links behind innocuous-looking URLs. These companies call themselves analytical tools, but they help hide fraudulent activity. Hosting providers cannot escape responsibility either. These are where fake CAPTCHA pages reside, and people often don’t bother checking what’s being hosted.
Of course, it’s the scammers themselves who are pulling the strings. However, they spread their activities across so many platforms that it is almost impossible to track them. Guardio’s research shows how all these moving parts work together to create a system where no one is held accountable and fraud continues to occur.
CLICK HERE TO GET FOX BUSINESS ON THE GO
Illustration of a scammer at work (Kurt “Cyber Guy” Knutson)
Beware of encrypted PDFs as the latest method to deliver malware
6 ways to protect yourself from fake CAPTCHAs
1. Use reliable security software. Keeping your antivirus and anti-malware software up to date is one of the most effective ways to protect yourself from fake CAPTCHA scams. Powerful antivirus software detects and blocks malware like Lumma information stealer before it can infect your device. Get my picks for the best antivirus protection products of 2024 for Windows, Mac, Android, and iOS devices.
2. Enable browser protection. Modern browsers have built-in security features such as Safe Browsing and Anti-phishing that warn you about potentially dangerous sites. Please make sure these features are enabled in your browser settings. These tools warn you about malicious links or fake CAPTCHAs that try to trick you into downloading malware.
3. Be wary of “free” content. There’s a saying: “If something is free, you are what they are selling.” Websites that offer free downloads, streaming services, or pirated content are often associated with malvertising campaigns. Fake CAPTCHA scams are usually spread through these types of sites, where users are tricked into clicking on malicious ads or links. Even if the site looks attractive, it’s important to be careful. Don’t click on suspicious links or use “free” services. These can be traps to infect your device with malware.
4. Avoid clicking on suspicious ads. Always be wary of ads that appear out of nowhere or that seem too good to be true. Fake CAPTCHA scams often appear as legitimate ads and ask you to click to verify your identity. Never interact with pop-up ads or unfamiliar banners, especially those that claim to give you something for free. These can lead to malicious pages or download malware. Get my picks for the best antivirus protection products of 2024 for Windows, Mac, Android, and iOS devices.
5. Check HTTPS and look for signs of a legitimate site. Please make sure the website is secure before entering personal information or interacting with CAPTCHAs. Look for “” in the website URL. This indicates that the connection is encrypted. Legitimate websites tend to have a professional look, so if something feels off or the design looks poor, trust your instincts and leave the site.
6. Enable two-factor authentication. two-factor authentication It adds an extra layer of security and makes it harder for attackers to access your account.
What to do if your bank account is hacked
Cart important points
There is no doubt that the threat of fake CAPTCHA scams is growing, putting millions of people at risk of malware infection and financial loss. Even more concerning is that despite widespread recognition of the problem, ad networks, publishers, and hosting services continue to allow malicious campaigns to spread through their platforms. Involved companies must take immediate action to improve content management, strengthen security measures, and prevent the spread of these scams. Dangerous loopholes exist in the digital advertising ecosystem that can have serious consequences for internet users.
CLICK HERE TO GET THE FOX NEWS APP
Do you think ad networks and publishers should be held responsible for the spread of malware through their platforms? Email us at. Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.
Ask your cart a question or let us know your story you’d like us to feature.
Follow Kurt on his social channels.
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.
