CERT has learnt of a campaign in which threat actors compromise widely used websites across various industries to embed fake CAPTCHA challenges. When victims visit these sites, they are either presented with a fraudulent CAPTCHA challenge or redirected to a page with instructions that trigger PowerShell code execution, ultimately leading to the installation of information-stealing malware.
How To Identify Fake CAPTCHA Challenges
Legitimate CAPTCHA challenges do not require users to copy a command or output and paste it into the Windows Run dialog box. If a CAPTCHA prompt includes such instructions, the site is likely compromised and should be avoided.

[Image: Example of a fake CAPTCHA]

Recommendations
- Users should refrain from visiting sites that present fake CAPTCHA challenges until affected websites are secured.
- Users should also be vigilant when encountering CAPTCHA prompts and verify their legitimacy before interacting with them.
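
For responders checking whether a user has already followed such instructions: Windows records commands typed into the Run dialog per user in the RunMRU registry key. The following is an added example, not part of the original advisory. It lists Run dialog history entries that launch PowerShell so they can be reviewed; the function names and sample values are constructed for illustration.

```python
import re

# Per-user history of commands typed into the Windows Run dialog (Win+R), under HKCU.
RUNMRU_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# powershell / pwsh as a whole token, with or without a path and ".exe".
POWERSHELL = re.compile(r"(?<![\w-])(?:powershell|pwsh)(?:\.exe)?(?![\w-])", re.I)

# Constructed sample of RunMRU values (not taken from a real host).
SAMPLE = {
    "MRUList": "cab",  # most recent entry first
    "a": "notepad\\1",
    "b": "cmd /c start /min powershell -c <constructed-placeholder>\\1",
    "c": "PowerShell.exe -NoProfile -Command <constructed-placeholder>\\1",
}

def read_runmru():
    """Read the current user's RunMRU values (Windows only)."""
    import winreg
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_SUBKEY) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, _type = winreg.EnumValue(key, i)
                values[name] = str(data)
    except FileNotFoundError:
        pass  # this user has never used the Run dialog
    return values

def run_history(values):
    """Return Run dialog commands, most recent first, without the '\\1' suffix."""
    names = [n for n in values.get("MRUList", "") if n in values]
    # Entries missing from MRUList are still reported, after the ordered ones.
    names += sorted(n for n in values if n != "MRUList" and n not in names)
    history = []
    for name in names:
        data = values[name]
        history.append((data[:-2] if data.endswith("\\1") else data).strip())
    return history

def powershell_from_run_dialog(values):
    """Return the history entries that invoke PowerShell, for analyst review."""
    return [cmd for cmd in run_history(values) if POWERSHELL.search(cmd)]

if __name__ == "__main__":
    for cmd in powershell_from_run_dialog(SAMPLE):  # use read_runmru() on a live host
        print("review:", cmd)
```

A match is a lead for review, not proof of compromise, since administrators also start PowerShell from the Run dialog.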