Fake captcha verification used to steal passwords and money from victims

marry 20.09.2024, 13:30 PM

Cybercriminals have found a new way to trick users into infecting their own systems: fake captcha verification pages that mimic legitimate websites. As a result, Windows users risk losing crypto wallet funds and other personal data.

According to researcher Tonmoy Jitu, users in this attack were tricked into running a malicious PowerShell script. Once a device is infected, cybercriminals can steal sensitive information, including passwords, session tokens, cryptocurrency wallets, and other personal data from the compromised device.

Captcha verification is a tool used to distinguish human users from bots. Sometimes it requires solving a simple math problem, and sometimes it requires you to select certain pictures.

In this scam, users are asked to copy and paste a PowerShell script into the system’s Run dialog. By convincing the victim to run this script, the attackers gain control of the victim’s device and then install the Lumma Stealer malware.
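
One way a defender could check a machine for the pattern described above, as an added example that is not part of the original article: Windows keeps Run-dialog history in the current user's RunMRU registry key, so entries that start PowerShell or another script interpreter can be listed. The function name, the interpreter and marker lists, and the sample entries are assumptions made for this example.

```powershell
# Added example: list Run-dialog history entries that start a script interpreter.
$RunMruPath   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
# Interpreter names and markers are choices made for this example (assumption).
$Interpreters = 'powershell', 'pwsh', 'mshta', 'wscript', 'cscript', 'cmd'
$Markers      = '-enc', 'hidden', 'http://', 'https://'

function Get-SuspiciousRunEntry {
    param([hashtable]$Entries)
    foreach ($name in $Entries.Keys) {
        # Explorer appends "\1" to every stored Run command; strip it.
        $cmd   = ([string]$Entries[$name] -replace '\\1$', '').Trim()
        $lower = $cmd.ToLowerInvariant()
        $interp = $Interpreters | Where-Object {
            $lower -match ('\b' + [regex]::Escape($_) + '(\.exe)?\b')
        }
        if (-not $interp) { continue }
        # Markers raise the priority: encoded command, hidden window, remote URL.
        $hits     = $Markers | Where-Object { $lower.Contains($_) }
        $priority = if ($hits) { 'high' } else { 'review' }
        [pscustomobject]@{
            Value       = $name
            Interpreter = $interp -join ','
            Markers     = $hits -join ','
            Priority    = $priority
            Command     = $cmd
        }
    }
}

# Constructed sample entries, so the function can be tried without the registry.
$sample = @{
    a = 'notepad\1'
    b = 'powershell -w hidden -enc <PLACEHOLDER>\1'
}
Get-SuspiciousRunEntry -Entries $sample | Format-List

# Live check of the current user's Run-dialog history.
$live = @{}
if (Test-Path $RunMruPath) {
    $key = Get-Item $RunMruPath
    foreach ($n in $key.GetValueNames()) {
        if ($n -ne 'MRUList') { $live[$n] = [string]$key.GetValue($n) }
    }
}
Get-SuspiciousRunEntry -Entries $live | Format-List
```

An empty result does not show the machine is clean: the history is stored per user and can be cleared.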

Lumma Stealer has operated as malware-as-a-service (MaaS) since August 2022. It steals data from web browsers, including passwords, cookies, autofill data, and browser add-on data.


Source: www.informacija.rs