I want to go back to the traffic light pictures...
Remember the wave of fake CAPTCHAs that, instead of proving you are not a robot, checked only one thing - how quickly you would install malware on yourself? In 2024 the internet fell for it on a massive scale, and at the same time Gen Digital recorded over 2.1 million blocked infections - mainly by Lumma Stealer.
A year later… FakeCaptcha attacks still work, and effectively at that. But cybercriminals do not like routine - a new, very creative technique has just appeared that beats the previous ones in every respect.
In his talk, Maciej Krzyżaniak will show the scammers' latest method from the "infect yourself" category. See an exceptionally cunning social engineering tactic and judge whether you would be able to resist it yourself.
Come to #OhMyHack 2025 and test your resilience 👉️ https://omhconf.pl
With the code KOCIEUSZKA you can get an additional 15% discount 😉
Hey friends, found out about this fake Captcha recently. If you happen to stumble on a website where you see this, do NOT follow the steps. Get out of there and run a malware scan instead.
The Register: Fake CAPTCHA tests trick users into running malware. “The fake CAPTCHA tells them to hit the Windows/Super key and R, then Control and V followed by Enter – a combination which, any reader who’s used a computer for more than a week or so will likely recognize, opens up the Windows Run prompt, pastes whatever the attacker placed in the clipboard, and executes it.”
https://rbfirehose.com/2025/08/23/the-register-fake-captcha-tests-trick-users-into-running-malware/
Group UNC5518 hacks real websites to inject fake CAPTCHAs that trick users into running malware.
➡️ One click = malicious PowerShell command
➡️ Payload = CORNFLAKE.V3 backdoor
🔒Stay sharp. Stay secure. Stay Paxion.
#CyberSecurity #Malware #ClickFix #Paxion #FakeCAPTCHA
🚨 New malware alert: Mocha Manakin uses #Clickfix (fakeCAPTCHA) to trick users into deploying a custom backdoor called NodeInitRAT. Red Canary warns it could lead to ransomware!
🔗 https://hackread.com/mocha-manakin-malware-nodeinitrat-via-clickfix-attack
#CyberSecurity #CyberAttack #fakeCAPTCHA #MochaManakin #NodeInitRAT
☀️ Summer is Here and So Are Fake Bookings 🎣
🚨 #Phishing emails disguised as #booking confirmations are heating up during this summer travel season, using #ClickFix techniques to deliver #malware.
Fake http://Booking.com emails typically request payment confirmation or additional service fees, urging victims to interact with malicious payloads.
👨💻 Fake payment form analysis session: https://app.any.run/tasks/84cffd74-ab86-4cd3-9b61-02d2e4756635/?utm_source=mastodon&utm_medium=post&utm_campaign=seasonal_clickfix&utm_content=linktoservice&utm_term=040625
🔍 A quick search in Threat Intelligence Lookup reveals a clear spike in activity during May-June. Use this search request to find related domains, IPs, and sandbox analysis sessions:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=seasonal_clickfix&utm_content=linktoti&utm_term=040625#%7B%2522query%2522:%2522domainName:%255C%2522booking.%255C%2522%2520AND%2520threatLevel:%255C%2522malicious%255C%2522%2522,%2522dateRange%2522:30%7D%20
Most recent samples use ClickFix, a #fakecaptcha where the victim is tricked into copy-pasting and running a #PowerShell downloader via terminal.
👨💻 ClickFix analysis session: https://app.any.run/tasks/2e5679ef-1b4a-4a45-a364-d183e65b754c/?utm_source=mastodon&utm_medium=post&utm_campaign=seasonal_clickfix&utm_content=linktoservice&utm_term=040625
The downloaded executables belong to the #RAT malware families, giving attackers full remote access to infected systems.
❗️ How to stay safe from seasonal phishing threats during your vacation:
1️⃣ Validate sender domains. Emails from trusted booking providers, hotels, and airlines typically come from official domains such as @booking.com, @airline.com
2️⃣ Analyze suspicious files with #ANYRUN. Use #ANYRUN’s interactive sandbox to quickly detect threats, safely detonate phishing URLs, and observe malicious behavior in a controlled environment.
3️⃣ Only enter your personal data on trusted websites. Look for a valid HTTPS certificate and double-check that the site belongs to the real service.
4️⃣ Train staff on phishing and brand impersonation tactics, especially during peak travel periods.
🏝️ Have a safe and sweet vacation!
Ever trusted a CAPTCHA just to click "I'm not a robot?" Think again—attackers are now using fake CAPTCHAs to sneak malware onto your device. You might be one click away from danger. Read more.
https://thedefendopsdiaries.com/the-clickfix-attack-unmasking-the-fake-captcha-deception/
#clickfixattack
#fakecaptcha
#socialengineering
#cybersecurityawareness
#malwareprevention