Malicious Captcha

Another day and a new way for malicious actors try and compromise your system and or accounts. I think everyone is aware of the captcha validation services; this is a way for companies and websites to try and validate you are a human and not a bot.

A new malicious tactic is where the actors will create infected captcha or on a malicious fake website the malicious actor will place a captcha on the page, this is to make the website “seem” secure as we have all grown to expect these types of human confirmations.

Instead of asking the user to click on a series of photos or type in a number, the user is instructed to copy a [malicious] script or, in a more recent version of the scam, press the Windows button on their keyboards plus the letter R. That triggers Windows Run capability. The user next has to press CTRL+V, which pastes the script into the Run dialogue, and press Enter, executing it.

Sometimes the verification page is labelled “CloudFlare,” in an effort to convince the user of the legitimacy of what they’re being asked to do by using a trusted brand name.