Tag: captcha

Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel

Jan 27, 2026 5:23 PM

Tags: captcha, malware

Fake Captcha abuses trusted web interactions to deliver malware and evade traditional detection. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/living-off-the-web-how-fake-captcha-turned-trust-into-a-malware-delivery-channel/
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

Jan 27, 2026 4:21 PM

Tags: attack, captcha, control, cybersecurity, microsoft, powershell, service

Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera.”Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,” First seen on…
New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer

Jan 26, 2026 1:18 PM

Tags: captcha, microsoft, scam, tool

Another day, another fake CAPTCHA scam, but this one abuses Microsoft’s signed tools. First seen on hackread.com Jump to article: hackread.com/fake-captcha-scam-microsoft-tools-amatera-stealer/
Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware

Jan 23, 2026 4:34 PM

Tags: captcha, cyber, exploit, infrastructure, malicious, malware, service

Fake Captcha and >>ClickFix<< lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security checks or browser validation steps. What appears to be a routine security interstitial something millions…
2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026

Jan 15, 2026 7:51 PM

Tags: access, ai, application-security, attack, authentication, awareness, backdoor, breach, business, captcha, cloud, compliance, container, control, credentials, credit-card, cybersecurity, data, data-breach, ddos, defense, encryption, exploit, finance, firewall, flaw, google, identity, infrastructure, intelligence, leak, malicious, mitigation, monitoring, network, pypi, risk, service, software, strategy, supply-chain, threat, tool, vulnerability, windows

2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 andrew.gertz@t“¦ Thu, 01/15/2026 – 16:48 Nadav Avital – Senior Director of Threat Research at Thales More About This Author > 2025 was a year that tested how businesses think about security. Some attacks happened in new, unexpected ways, while others employed old tricks, taken…
Microsoft-Konto gekapert: Hacker entwickeln Cyberangriffe mit Captchas weiter so schützt du dich

Dec 19, 2025 2:19 PM

Tags: captcha, cyberattack, hacker, microsoft

First seen on t3n.de Jump to article: t3n.de/news/microsoft-konto-gekapert-hacker-cyberangriffe-captchas-weiterentwickelt-1722368/
Neue ClickFix-Kampagne nutzt Fake-Windows-Updates

Nov 26, 2025 3:50 PM

Tags: captcha, cyberattack, endpoint, group, malware, monitoring, phishing, powershell, social-engineering, update, windows

Cyberkriminelle nutzen eine gefälschte Windows-Update-Seite, um Mitarbeiter anzugreifen.Forscher des Security-Anbieters Huntress sind kürzlich auf eine neue ClickFix-Kampagne gestoßen, die auf Mitarbeiter in Unternehmen zielt. Laut Forschungsbericht haben die Angreifer ihre Malware dabei in den Pixeln eines Bildes versteckt, das eine Windows-Update-Seite vortäuscht. Dort werden die Benutzer aufgefordert, auf Ausführen zu klicken, um einen bösartigen Befehl…
New ClickFix attacks use fake Windows Update screens to fool employees

Nov 26, 2025 5:49 AM

Tags: access, attack, awareness, captcha, computer, control, data, defense, detection, edr, email, endpoint, exploit, group, infection, intelligence, malicious, malware, monitoring, network, okta, phishing, powershell, russia, tactics, threat, tool, training, update, windows

Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
Single Click on CAPTCHA Triggers Destructive Akira Ransomware Attack on Malicious Website

Nov 19, 2025 9:49 PM

Tags: attack, captcha, cyber, data, group, infrastructure, malicious, ransomware, threat, tool

A sophisticated Akira ransomware attack orchestrated by the Howling Scorpius group recently left a global data storage and infrastructure company grappling with massive operational disruption all triggered by a single, seemingly innocent click on a website CAPTCHA. The compromise underscores a harsh reality: deploying advanced security tools does not guarantee security coverage or effective threat…
Single Click on CAPTCHA Triggers Destructive Akira Ransomware Attack on Malicious Website

Nov 19, 2025 9:49 PM

Tags: attack, captcha, cyber, data, group, infrastructure, malicious, ransomware, threat, tool

A sophisticated Akira ransomware attack orchestrated by the Howling Scorpius group recently left a global data storage and infrastructure company grappling with massive operational disruption all triggered by a single, seemingly innocent click on a website CAPTCHA. The compromise underscores a harsh reality: deploying advanced security tools does not guarantee security coverage or effective threat…
Fake CAPTCHA Triggers 42-Day Akira Ransomware Attack

Nov 19, 2025 7:49 PM

Tags: attack, breach, captcha, ransomware

A fake CAPTCHA click led to a 42-day Akira ransomware breach that went largely undetected despite extensive security tooling. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fake-captcha-triggers-42-day-akira-ransomware-attack/
New npm Malware Campaign Redirects Victims to Crypto Sites

Nov 18, 2025 5:49 PM

Tags: captcha, crypto, malware, threat

A new malware campaign has been observed built on seven npm packages and using cloaking techniques and fake CAPTCHAs, operated by threat actor dino_reborn First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-malware-campaign-redirects/
SmartApeSG Uses ClickFix to Deploy NetSupport RAT

Nov 13, 2025 3:49 PM

Tags: access, attack, captcha, cyber, infection, malicious, rat, tactics

The SmartApeSG campaign, also known as ZPHP and HANEYMANEY, continues to evolve its infection tactics, pivoting to ClickFix-style attack vectors. Security researchers have documented the campaign’s latest methodology, which uses deceptive fake CAPTCHA pages to trick users into executing malicious commands that ultimately deploy NetSupport RAT a Remote Access Trojan capable of giving attackers complete…
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
Typo hackers sneak cross-platform credential stealer into 10 npm packages

Oct 30, 2025 4:19 PM

Tags: attack, captcha, cloud, corporate, credentials, data, email, espionage, hacker, linux, macOS, malicious, password, router, supply-chain, theft, threat

Payload for IP fingerprinting and credential theft: Once the fake CAPTCHA interaction occurs, the installer sends the victim’s IP address to the attacker’s server, a step that allows tracking, geofencing, and exclusion of unwanted targets.It then downloads the payload from the same host, which is a 24 MB Pyinstaller-packed application that contains hundreds of thousands…
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Oct 29, 2025 11:26 AM

Tags: captcha, credentials, cybersecurity, linux, macOS, malicious, malware, windows

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.”The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that…
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Oct 29, 2025 11:26 AM

Tags: captcha, credentials, cybersecurity, linux, macOS, malicious, malware, windows

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.”The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that…
Rethinking Identity Security in the Age of AI

Oct 28, 2025 7:26 PM

Tags: access, ai, api, attack, authentication, automation, awareness, best-practice, breach, business, captcha, ceo, container, control, credentials, cyber, cybercrime, cybersecurity, data, deep-fake, defense, detection, email, endpoint, exploit, finance, fraud, Hardware, iam, identity, login, malware, mfa, monitoring, passkey, password, phishing, risk, risk-management, scam, threat, tool, vulnerability

Rethinking Identity Security in the Age of AI madhav Tue, 10/28/2025 – 06:35 Traditional identity protections were never designed for the age of AI. They can’t stop the lightning-fast, highly convincing identity attacks AI facilitates. There’s a reason that nearly 60% of businesses say compromised credentials are the leading cause of breaches. Data Security Marco…
Rethinking Identity Security in the Age of AI

Oct 28, 2025 7:26 PM

Tags: access, ai, api, attack, authentication, automation, awareness, best-practice, breach, business, captcha, ceo, container, control, credentials, cyber, cybercrime, cybersecurity, data, deep-fake, defense, detection, email, endpoint, exploit, finance, fraud, Hardware, iam, identity, login, malware, mfa, monitoring, passkey, password, phishing, risk, risk-management, scam, threat, tool, vulnerability

Rethinking Identity Security in the Age of AI madhav Tue, 10/28/2025 – 06:35 Traditional identity protections were never designed for the age of AI. They can’t stop the lightning-fast, highly convincing identity attacks AI facilitates. There’s a reason that nearly 60% of businesses say compromised credentials are the leading cause of breaches. Data Security Marco…
PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware

Oct 23, 2025 8:25 AM

Tags: access, captcha, cyber, international, malware, rat, ukraine

A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, launched on October 8th, 2025, specifically targeted individual members of the International Committee of the Red Cross, United Nations Children’s Fund (UNICEF) Ukraine…
PhantomCaptcha RAT Uses Weaponized PDFs and “ClickFix” Cloudflare CAPTCHA Pages to Deliver Malware

Oct 23, 2025 8:25 AM

Tags: access, captcha, cyber, international, malware, rat, ukraine

A sophisticated spearphishing campaign has targeted humanitarian organizations working on Ukrainian war relief efforts, employing weaponized PDFs and fake Cloudflare captcha pages to deploy a custom remote access trojan. The PhantomCaptcha campaign, launched on October 8th, 2025, specifically targeted individual members of the International Committee of the Red Cross, United Nations Children’s Fund (UNICEF) Ukraine…
‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools

Oct 22, 2025 2:26 PM

Tags: access, attack, authentication, awareness, captcha, ceo, communications, control, credentials, cyber, cybersecurity, data, defense, detection, edr, email, endpoint, espionage, exploit, group, hacker, incident response, least-privilege, login, malicious, malware, mfa, monitoring, network, phishing, powershell, russia, strategy, tactics, theft, threat, tool, training, update, vulnerability, vulnerability-management, zero-trust

Evolving tactics and strategies: Analysts said ColdRiver, which for years focused on credential theft and email account compromise, is shifting toward multi-stage intrusions that rely on users to execute malicious code.By using ClickFix pages that mimic CAPTCHA verification screens, the group can bypass email security filters and deliver malware directly to victims’ devices, increasing the…
Russia’s Coldriver Revamps Malware to Evade Detection

Oct 22, 2025 12:26 AM

Tags: captcha, data-breach, detection, group, hacker, malware, powershell, russia, threat

Russian Intel Hackers Flexible in Face of Detection. Russia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-coldriver-revamps-malware-to-evade-detection-a-29776
Russian hackers evolve malware pushed in “I am not a robot” captchas

Oct 21, 2025 5:26 PM

Tags: blizzard, captcha, group, hacker, malware, russia, social-engineering

The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-evolve-malware-pushed-in-i-am-not-a-robot-clickfix-attacks/
Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches

Oct 20, 2025 3:40 PM

Tags: attack, breach, captcha, malicious

ClickFix, FileFix, fake CAPTCHA, whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser, most commonly a CAPTCHA, but also things like fixing an error on a…
Sicherheit statt Rätselbilder – So schützen moderne Bot-Management-Systeme ohne CAPTCHAs

Oct 20, 2025 11:40 AM

Tags: captcha

First seen on security-insider.de Jump to article: www.security-insider.de/bot-management-ohne-captchas-a-a7d5ced9f2189339338a79ec5ff51c34/
Phishers turn 1Password’s Watchtower into a blind spot

Oct 7, 2025 2:35 PM

Tags: access, banking, breach, captcha, credentials, login, malicious, password, phishing, service

Vault keys at stake: Those who clicked on the phishing link earlier had too much to lose. The cloned landing page reportedly asked users for their 1Password login details, potentially giving attackers access to entire password vaults. With that single breach, everything from social accounts to banking credentials could be compromised.Malwarebytes urged users to remain…
Phishers turn 1Password’s Watchtower into a blind spot

Oct 7, 2025 2:35 PM

Tags: access, banking, breach, captcha, credentials, login, malicious, password, phishing, service

Vault keys at stake: Those who clicked on the phishing link earlier had too much to lose. The cloned landing page reportedly asked users for their 1Password login details, potentially giving attackers access to entire password vaults. With that single breach, everything from social accounts to banking credentials could be compromised.Malwarebytes urged users to remain…
AI-powered phishing scams now use fake captcha pages to evade detection

Sep 22, 2025 3:16 PM

Tags: ai, attack, awareness, breach, captcha, ceo, credentials, data, defense, detection, email, finance, governance, identity, login, mfa, microsoft, network, passkey, password, phishing, resilience, scam, service, spam, strategy, threat, tool, training

The attack playbook: The phishing campaigns follow a familiar playbook at the outset. Victims typically receive spam emails that carry urgent, action-oriented messages such as “Password Reset Required” or “USPS Change of Address Notification”.Clicking on the embedded link doesn’t take the user directly to a credential-stealing site but instead loads what appears to be a…