WWW.FOXNEWS.COM
From CAPTCHA to catastrophe: How fake verification pages are spreading malware
Tech From CAPTCHA to catastrophe: How fake verification pages are spreading malware Learn how you can protect yourself from fake verification pages Published December 18, 2024 10:00am EST close From CAPTCHA to catastrophe: How fake verification pages are spreading malware Hackers are using CAPTCHAs to infect your PC with malware. When you visit a webpage, you might see a CAPTCHA to make sure youre a real person and not a bot. These usually involve jumbled words, some recognizable images or just a box that says, "I am not a robot."CAPTCHAs are harmless, but hackers are now using them to infect your PC with malware.Security researchers have found a huge fake CAPTCHA campaign spreading the dangerous Lumma info-stealer malware, which can bypass security measures like Safe Browsing.This campaign shows how malvertising works, with more than a million ad impressions every day and thousands of victims losing their accounts and money through a network of more than 3,000 sites. Ill break down how this scam works, whos responsible and how you can protect yourself. Illustration of a scammer (Kurt "CyberGuy" Knutsson)How does the scam work?As reportedby Guardio, the fake CAPTCHA scam is a sophisticated malvertising campaign that lures you into unknowingly installing malware under the guise of routine CAPTCHA verification. The cyberattack starts when youre browsing websites, often those offering free streaming, downloads or pirated content. These sites are used by hackers to present you with what appears to be a legitimate CAPTCHA verification page.WHAT IS ARTIFICIAL INTELLIGENCE (AI)?The page mimics a real CAPTCHA, asking you to confirm you are human. However, the instructions are designed to trick you into initiating harmful actions, like triggering the Windows "Run" dialog. Users unknowingly paste and execute a crafted PowerShell command, which silently installs the Lumma info-stealer malware onto their system.The malware targets sensitive data, including social media accounts, banking credentials, saved passwords and personal files, potentially leading to financial and identity theft. Illustration of fake CAPTCHA (Guardio)Whos to blame for this?The fake CAPTCHA scam shows how messy the internets ad system has become, with everyone involved passing the buck. Guardio Labs points to ad networks like Monetag as a big part of the problem. They distribute malicious ads that are disguised during moderation using tricks like cloaking. Publishers, especially those offering free or pirated content, add to the issue by running these shady ads on their sites, often without checking what theyre actually showing users.Then there are services like BeMob, which lets scammers hide their bad links behind harmless-looking URLs. These companies call themselves analytics tools, but theyre helping the scams stay hidden. Hosting providers dont escape blame either. Theyre where these fake CAPTCHA pages live, and they often dont bother to check whats being hosted.Of course, the scammers themselves are the ones pulling the strings. But because they spread their operations across so many platforms, theyre almost impossible to track down. Guardios research shows how all these moving parts work together, creating a system where no one takes responsibility, and the scams keep running.GET FOX BUSINESS ON THE GO BY CLICKING HERE Illustration of a scammer at work (Kurt "CyberGuy" Knutsson)6 ways to stay safe from fake CAPTCHAs1. Use reliable security software:Keeping your antivirus and anti-malware software up to date is one of the most effective ways to protect yourself from fake CAPTCHA scams. A strong antivirus software will detect and block malware like the Lumma info-stealer before it can infect your device.Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.2. Enable browser protection features:Modern browsers offer built-in security features, such as Safe Browsing and phishing protection, which warn you about potentially dangerous sites. Make sure these features are enabled in your browser settings. These tools can alert you to malicious links or fake CAPTCHAs trying to trick you into downloading malware.3. Be cautious with "free" content:Theres a saying that goes, "If something is free, youre what they are selling." Websites that offer free downloads, streaming services or pirated content are often associated with malvertising campaigns. Fake CAPTCHA scams are commonly spread through these types of sites, where users are tricked into clicking on malicious ads or links. Even if a site seems tempting, its important to be cautious. Avoid clicking on suspicious links or using "free" services, as they could be traps designed to infect your device with malware.4. Avoid clicking on suspicious ads:Always be wary of ads that appear out of nowhere or seem too good to be true. Fake CAPTCHA scams often disguise themselves as legitimate ads, asking you to click to verify you're human. Never interact with pop-up ads or unfamiliar banners, especially those that claim to give you something for free, as they may lead to malicious pages or trigger malware downloads.Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.5. Check for HTTPS and look for signs of a legitimate site:Before entering any personal information or interacting with a CAPTCHA, ensure that the website is secure. Look for "https://" in the websites URL, which indicates the connection is encrypted. Legitimate websites also tend to have a professional appearance, so if something feels off or the design looks poor, trust your instincts and leave the site.6. Enable two-factor authentication:Two-factor authentication adds an extra layer of security, making it harder for attackers to access your accounts.Kurts key takeawayTheres no question that fake CAPTCHA scams are a growing threat, putting millions of us at risk of malware infections and financial loss. Whats even more concerning is that ad networks, publishers and hosting services continue to allow malicious campaigns to spread through their platforms despite the widespread awareness of the problem. The companies involved must take immediate action to improve content moderation, tighten security measures and prevent these scams from thriving. We are seeing a dangerous loophole in the digital advertising ecosystem that could have serious consequences for internet users.CLICK HERE TO GET THE FOX NEWS APPDo you think ad networks and publishers should be held accountable for the spread of malware through their platforms? Let us know by writing us at Cyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Follow Kurt on his social channels:Answers to the most asked CyberGuy questions:New from Kurt:Copyright 2024 CyberGuy.com.All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurts free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
0 Comments
0 Shares
13 Views