Cybersecurity researchers have uncovered a sophisticated malware distribution campaign leveraging fake CAPTCHA verification pages. According to a report by Cyber Security News, malicious actors are exploiting compromised websites to host these deceptive pages, ultimately leading to malware deployment on unsuspecting users’ systems.
A recent analysis by Censys revealed the scale of this operation, identifying nearly 9,494 breached websites currently hosting these fraudulent CAPTCHAs. Alarmingly, approximately 70% of these fake CAPTCHAs exhibit a high degree of visual similarity, making them tough for users to distinguish from legitimate verification processes.
Despite their similar appearance, these malicious pages employ a variety of infection techniques. The most common methods involve clipboard manipulation to execute PowerShell and VBScript commands. Researchers have identified approximately 1,706 assets utilizing VBScript downloaders and nearly 1,269 assets employing PowerShell-based approaches.
Beyond script-based attacks, the campaign also utilizes MSIEXEC to deliver malicious Windows Installer packages. Further examination has revealed the use of the Matrix Push command-and-control framework, enabling fileless malware deployment, a technique designed to evade traditional detection methods.
A particularly concerning aspect of these attacks is the lack of executable artifacts produced during the intrusion process. This makes detection significantly more challenging for conventional security solutions, highlighting the need for advanced threat detection capabilities and user awareness.
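For site owners checking whether their own pages have been altered, the clipboard manipulation described above can be searched for in page source. The following is an added example, not code from the Censys analysis or the original report: it flags scripts that both write to the clipboard and reference PowerShell, a VBScript host or MSIEXEC. The browser clipboard calls, the script-host names (mshta, wscript, cscript) and the sample pages are assumptions constructed for illustration.

```python
import re

# Browser calls that place text on the clipboard (assumed; the report names no API).
CLIPBOARD_WRITE = re.compile(
    r"navigator\.clipboard\.writeText\s*\(|execCommand\s*\(\s*['\"]copy['\"]", re.I)

# Command families the article names. The VBScript hosts are an assumption.
COMMAND_HINTS = {
    "powershell": re.compile(r"\bpowershell(\.exe)?\b", re.I),
    "vbscript": re.compile(r"\b(mshta|wscript|cscript)(\.exe)?\b|vbscript:", re.I),
    "msiexec": re.compile(r"\bmsiexec(\.exe)?\b", re.I),
}

SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)


def scan_page(html: str) -> list[str]:
    """Return sorted command families found in scripts that also write the clipboard."""
    found = set()
    for body in SCRIPT_BLOCK.findall(html):
        # A command name alone is not enough: require a clipboard write in the same script.
        if not CLIPBOARD_WRITE.search(body):
            continue
        for family, pattern in COMMAND_HINTS.items():
            if pattern.search(body):
                found.add(family)
    return sorted(found)


def scan_site(pages: dict[str, str]) -> dict[str, list[str]]:
    """Map each page name to its findings, omitting pages with none."""
    results = {name: scan_page(html) for name, html in pages.items()}
    return {name: hits for name, hits in results.items() if hits}


# Constructed sample pages (placeholders instead of real commands).
SAMPLE_PAGES = {
    "fake-captcha.html": '<div>Verify you are human</div><script>btn.onclick=function(){'
                         'navigator.clipboard.writeText("powershell <constructed placeholder>");};</script>',
    "installer-lure.html": '<script>var t=document.createElement("textarea");'
                           't.value="msiexec <constructed placeholder>";document.body.appendChild(t);'
                           't.select();document.execCommand("copy");</script>',
    "share-button.html": '<script>btn.onclick=()=>navigator.clipboard.writeText(location.href);</script>',
    "docs.html": '<p>Run powershell to install.</p><script>console.log("ready")</script>',
}

if __name__ == "__main__":
    for page, hits in scan_site(SAMPLE_PAGES).items():
        print(page, hits)
```

This only matches command names that appear in plain text inside inline scripts, so obfuscated or externally loaded scripts need the same check applied after decoding or fetching.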