Tag: captcha

Fake CAPTCHA scam turns a quick click into a costly phone bill

Apr 28, 2026 4:38 PM

Tags: captcha, international, phone, scam

Scammers are using fake CAPTCHA pages to rack up international SMS charges on victims’ phone bills, and then take a cut. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/fake-captcha-scam-turns-a-quick-click-into-a-costly-phone-bill/
Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files

Apr 27, 2026 12:39 PM

Tags: attack, captcha, crypto

New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data. First seen on hackread.com Jump to article: hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Apr 27, 2026 11:38 AM

Tags: captcha, crypto, cybersecurity, fraud, international, mobile, phone, scam, threat

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers.According to a new report published by Infoblox, the operation is believed…
ClickFix Attack Swaps PowerShell for Cmdkey, Remote Regsvr32 Payloads

Apr 27, 2026 9:39 AM

Tags: attack, captcha, cyber, cybersecurity, infection, phishing, powershell, windows

A newly identified ClickFix attack variant is raising concerns among cybersecurity researchers after it was observed replacing traditional PowerShell-based delivery with a stealthier technique leveraging native Windows utilities. The infection begins with a familiar ClickFix tactic: a phishing page disguised as a CAPTCHA verification prompt. Victims are instructed to press Win + R, paste a…
Fake CAPTCHA Scam Abuses Verification Clicks to Send Costly International Texts

Apr 25, 2026 1:39 PM

Tags: captcha, fraud, international, scam

Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts. First seen on hackread.com Jump to article: hackread.com/fake-captcha-pages-exploit-clicks-send-texts/
New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk

Apr 24, 2026 10:39 PM

Tags: attack, captcha, detection, malicious, risk, tool, windows

Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows First seen on hackread.com Jump to article: hackread.com/clickfix-variant-native-windows-tools-bypass-security/
Fake CAPTCHA Scam Triggers Costly SMS Fraud

Apr 24, 2026 1:38 PM

Tags: captcha, cyber, fraud, hacker, international, scam

Hackers are abusing fake CAPTCHA pages to run a silent but lucrative international SMS fraud scheme, turning routine “prove you’re human” checks into a revenue engine built on international revenue share fraud (IRSF). Attackers set up lookalike and scam domains that eventually redirect victims through a traffic distribution system (TDS) to a fake CAPTCHA page.…
Top techniques attackers use to infiltrate your systems today

Apr 21, 2026 11:39 AM

Tags: 2fa, access, ai, api, attack, authentication, automation, business, captcha, cloud, container, control, corporate, credentials, cybercrime, cybersecurity, data, deep-fake, defense, detection, email, exploit, flaw, hacking, Hardware, identity, infrastructure, least-privilege, malicious, mfa, microsoft, monitoring, network, password, phishing, powershell, ransomware, risk, saas, scam, service, social-engineering, software, supply-chain, theft, tool, training, vpn, vulnerability, worm

Network security device hacking: Network edge devices have increasingly drawn attackers’ attention over the past two years, establishing a new battleground where the very devices meant to protect the network have become attractive targets for exploitation.As a result, flaws in security device, such as SSL VPN systems and other gateways, are among the top initial…
New ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto

Apr 8, 2026 11:50 AM

Tags: attack, captcha, crypto, malware, threat

Netskope Threat Labs report a new ClickFix attack using fake CAPTCHAs to deploy Tor-backed NodeJS malware and drain crypto wallets on Windows. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-node-js-malware-tor-steal-crypto/
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows

Apr 7, 2026 12:51 PM

Tags: access, captcha, cyber, hacker, malicious, malware, rat, windows

Hackers are using a deceptive technique known as “ClickFix” to deliver a sophisticated Node. js-based remote access Trojan (RAT) targeting Windows users. ClickFix, which gained popularity in early 2025, tricks users into interacting with fake CAPTCHA or verification prompts. In this latest campaign, attackers lure victims into executing malicious commands that silently install malware disguised…
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix

Mar 30, 2026 11:29 AM

Tags: captcha, macOS

Infinity Stealer targets macOS via fake Cloudflare CAPTCHA, using Nuitka; first such campaign per Malwarebytes. Researchers at Malwarebytes spotted a new macOS infostealer, named Infinity Stealer, using a Python payload compiled with Nuitka. It spreads via ClickFix, tricking users with fake Cloudflare CAPTCHA pages. >>A fake verification page instructs the visitor to open Terminal, paste…
Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka

Mar 26, 2026 10:47 PM

Tags: captcha, macOS, malicious

A new macOS infostealer, NukeChain (now Infiniti Stealer), uses fake CAPTCHA pages to trick users into running malicious commands. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka/
SmartApeSG ClickFix Campaign Spreads Remcos, NetSupport RAT, StealC, Sectop RAT

Mar 25, 2026 12:47 PM

Tags: access, attack, captcha, cyber, infection, rat

A recent SmartApeSG campaign observed on March 24, 2026, highlights the growing sophistication of ClickFix-based attack chains, which deliver multiple remote access trojans (RATs) and information stealers through a staged infection process. The infection begins with the ClickFix technique, where victims are redirected from a compromised legitimate website to a fake CAPTCHA page. This page…
LeakNet ransomware: what you need to know

Mar 20, 2026 12:10 PM

Tags: captcha, group, hacking, ransomware

A ransomware gang that claims to be a group of “investigative journalists”? Meet LeakNet – the group using fake CAPTCHA pages to trick employees into hacking themselves. First seen on fortra.com Jump to article: www.fortra.com/blog/leaknet-ransomware-what-you-need-know
Horabot Returns in Mexico, Spreading via Phishing and Email Worm Attacks

Mar 19, 2026 11:09 AM

Tags: attack, banking, captcha, cyber, email, phishing, soc, worm

Horabot has resurfaced in Mexico with a more complex, multi”‘stage kill chain that blends fake CAPTCHA lures, living-off-the-land scripting, and an email worm”‘style spreader to deliver a Latin American banking trojan. In this installment of the SOC Files series, our MDR team dissected a targeted Horabot campaign that we hunted a few months ago, after…
ClickFix treibt neue Infostealer-Kampagnen an

Mar 18, 2026 11:11 AM

Tags: api, captcha, control, cyberattack, encryption, exploit, framework, github, infrastructure, intelligence, lazarus, login, malware, microsoft, powershell, rat, social-engineering, threat, windows, wordpress

ClickFix-Kampagnen werden immer raffinierter und zielen verstärkt auf WordPress-Webseiten.Cyberkriminelle kombinieren kompromittierte Websites mit immer raffinierteren Social-Engineering-Köder-Methoden, um neue Infostealer-Malware zu verbreiten. Bekannt ist das Ganze unter dem Namen ClickFix und zudem effektiv: In einer einzigen Kampagne wurden über 250 WordPress-Websites in zwölf Ländern infiziert.Während diese Kampagne zu unauffälligen, im Arbeitsspeicher ausgeführten Schadprogrammen führt, beobachtete Microsoft…
Crooks compromise WordPress sites to push infostealers via fake CAPTCHA prompts

Mar 10, 2026 6:46 PM

Tags: captcha, wordpress

Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate’s campaign page First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/crooks_hijack_wordpress_sites/
ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts

Mar 5, 2026 11:47 AM

Tags: captcha, crypto, cyber, exploit, linkedin, malicious, malware, social-engineering

A highly coordinated malware campaign that targets cryptocurrency and Web3 professionals through fake venture capital (VC) identities on LinkedIn. The operation combines advanced social engineering with cross-platform payloads and a ClickFix-style fake CAPTCHA flow that tricks users into running malicious commands on their own systems. Attackers pose as executives from fictitious funds such as SolidBit…
ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts

Mar 5, 2026 11:47 AM

Tags: captcha, crypto, cyber, exploit, linkedin, malicious, malware, social-engineering

A highly coordinated malware campaign that targets cryptocurrency and Web3 professionals through fake venture capital (VC) identities on LinkedIn. The operation combines advanced social engineering with cross-platform payloads and a ClickFix-style fake CAPTCHA flow that tricks users into running malicious commands on their own systems. Attackers pose as executives from fictitious funds such as SolidBit…
Microsoft leads takedown of Tycoon2FA phishing service infrastructure

Mar 5, 2026 5:47 AM

Tags: access, authentication, captcha, control, credentials, cybercrime, data, defense, detection, dkim, email, Hardware, infrastructure, malicious, mfa, microsoft, monitoring, network, organized, passkey, phishing, qr, saas, service, threat, tool

Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
Microsoft leads takedown of Tycoon2FA phishing service infrastructure

Mar 5, 2026 5:47 AM

Tags: access, authentication, captcha, control, credentials, cybercrime, data, defense, detection, dkim, email, Hardware, infrastructure, malicious, mfa, microsoft, monitoring, network, organized, passkey, phishing, qr, saas, service, threat, tool

Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
OCRFix Botnet Uses ClickFix Phishing and EtherHiding to Mask Blockchain C2 Infrastructure

Mar 2, 2026 9:46 AM

Tags: blockchain, botnet, captcha, cyber, infrastructure, phishing, powershell

OCRFix is a multi-stage botnet Trojan campaign that abuses a fake Tesseract OCR download site, ClickFix-style PowerShell execution, and EtherHiding on BNB Smart Chain to conceal a rotating blockchain-backed command infrastructure. The fake site gates content behind a bogus CAPTCHA and then instructs users to open PowerShell and paste a pre-copied command, a hallmark of…
(g+) Scrapling und Openclaw: Wenn der KI-Agent bewaffnet wird

Feb 28, 2026 11:37 AM

Tags: ai, captcha

Mit Scrapling lassen sich Cloudflare-Captchas vollautomatisch lösen. Für Entwickler ist es praktisch, aber es wird in den falschen Händen schnell zur Gefahr. First seen on golem.de Jump to article: www.golem.de/news/scrapling-und-openclaw-wenn-der-ki-agent-bewaffnet-wird-2602-205878.html
Scrapling und Openclaw: Wenn der KI-Agent bewaffnet wird

Feb 27, 2026 10:36 AM

Tags: ai, captcha

Mit Scrapling lassen sich Cloudflare-Captchas vollautomatisch lösen. Für Entwickler ist es praktisch, aber es wird in den falschen Händen schnell zur Gefahr. First seen on golem.de Jump to article: www.golem.de/news/scrapling-und-openclaw-wenn-der-ki-agent-bewaffnet-wird-2602-205878.html
Smashing Security podcast #456: How to lose friends and DDoS people

Feb 26, 2026 5:37 AM

Tags: ai, attack, captcha, ddos, email, Internet, service

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email – they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear…
ClickFix Infostealer Spreads via Fake CAPTCHA Traps, Targeting Unsuspecting Users

Feb 24, 2026 8:01 AM

Tags: captcha, credentials, cyber, detection, endpoint, threat

A new wave of the ClickFix Infostealer campaign that abuses fake CAPTCHA pages to deliver credential-stealing malware. Initially detected through late-stage Endpoint Detection and Response (EDR) alerts, the campaign shows strong similarities to the ClickFix operation targeting restaurant reservation systems in July 2025, as highlighted in BlueVoyant’s earlier research. Further correlation with recent threat telemetry suggests that this campaign…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
New ClickFix Attack Targets Crypto Wallets and 25+ Browsers with Infostealer

Feb 21, 2026 8:02 PM

Tags: attack, captcha, crypto, malicious, powershell

Researchers at CyberProof have identified a new fake captcha campaign linked to the ClickFix operation. This stealthy infostealer targets over 25 browsers, cryptocurrency wallets like MetaMask, and gaming accounts by tricking users into executing malicious PowerShell commands. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-crypto-wallets-browsers-infostealer/
Using threat modeling and prompt injection to audit Comet

Feb 20, 2026 7:01 PM

Tags: access, ai, attack, captcha, control, data, defense, detection, email, endpoint, exploit, framework, injection, Internet, law, least-privilege, LLM, malicious, ml, monitoring, privacy, RedTeam, risk, social-engineering, threat, tool, training, update, vulnerability

Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our TRAIL threat model, we demonstrated how four prompt injection techniques could extract users’ private information from Gmail by exploiting the browser’s AI assistant. The vulnerabilities we found reflect how AI agents behave…