Fake CAPTCHAs used to infect devices with malware

Security researchers have discovered a malware campaign that uses fake CAPTCHAs as the initial method of infection. The campaign, which primarily targets users looking for entertainment content such as cracked games, is now spreading its nets to other types of websites: gambling platforms, adult content portals and file sharing services, among others. The fake CAPTCHAs invite the user to perform supposed “verification steps” that execute PowerShell commands, downloading malware such as Lumma Stealer and the Amadey Trojan. Lumma Stealer, once on the device, uses the BitLocker To Go utility to steal sensitive information, especially cryptocurrency data and passwords stored in browsers. Meanwhile, the Amadey Trojan, known since 2018, downloads modules to steal credentials and modify cryptocurrency addresses in the clipboard. In addition, it can take screenshots and even, in some cases, install remote access tools, allowing full control over the device.