[THIS IS A PRESS RELEASE]
A new wave of the malicious campaign that is spread through web ads and aimed at Windows PC users was discovered by Kaspersky. While browsing the web, users may unknowingly click on an ad that invisibly covers the entire screen, redirecting them to a fake CAPTCHA page or a fake Chrome error message that prompts them to follow steps to download stealers. Kaspersky’s telemetry recorded over 140,000 encounters with these malicious ads in September and October 2024, and more than 20,000 users were redirected to the fake pages hosting malicious scripts. Most often these were users from Brazil, Spain, Italy, and Russia. To stay safe, experts advise users to exercise caution and avoid following suspicious prompts for action online.
A CAPTCHA is a security feature used on websites and in apps to verify whether a user is human or an automated program or bot. Earlier this year, there were reports of attackers distributing the Lumma stealer using fake CAPTCHAs, primarily targeting gamers. When browsing gaming websites, users were lured into clicking on an ad that covered the entire screen. They were redirected to a fake CAPTCHA page with instructions below the prompt tricking them into downloading the stealer. When users clicked the I'm not a robot button, an encoded Windows PowerShell command was copied to their PC’s clipboard. They were then prompted to paste it into the terminal box and press Enter, inadvertently downloading and launching Lumma. The malware searched for cryptocurrency-related files, cookies, and password manager data on the victim's device. It also visited the webpages of various e-commerce platforms, boosting their view counts, giving the attackers additional financial gain.
A fake CAPTCHA with malicious instructions |
In the new wave of the attacks, Kaspersky researchers identified another attack scenario in which, instead of a CAPTCHA, a webpage error message is displayed, styled to look like a service message in the Chrome web browser. The attackers instruct the user "copied the fix" into the terminal window (the fix being the same malicious PowerShell command as described above).
A fake message mimicking Google Chrome |
“Attackers bought some advertising slots, and if a user gets to see this ad and click on it, they are redirected to malicious resources, which is a common attack tactic. The new wave of this campaign involves a significantly expanded distribution network and the introduction of a new attack scenario that reaches more victims. Now users can be lured away by either a fake CAPTCHA prompt or a Chrome webpage error message, falling victim to a stealer with new functionalities. Corporate users and individuals should exercise caution and think critically before following any suspicious prompts that they see online,” comments Vasily Kolesnikov, Security Expert at Kaspersky.
Read more on Securelist.
To block threats related to stealers, follow the recommendations below.
Businesses:
- check if the credentials for your company’s devices or web applications have been compromised by stealers on the dedicated Kaspersky Digital Footprint Intelligence landing page;
- use a dedicated security solution such as Kaspersky Endpoint Security for Business with application and web control; behavior analysis helps quickly detect malicious activity;
- look into boosting your employees’ digital literacy to minimize the cyber risks from the human side by using an online tool that offers comprehensive cyber trainings for staff.
Individuals:
- use a comprehensive security solution, such as Kaspersky Premium, on all of your devices, to prevent opening suspicious pages or phishing emails;
- use Kaspersky Password Manager to store your passwords securely.
[END OF PRESS RELEASE]
No comments:
Post a Comment
Feel free to make a comment as long as it is within the bounds of the issue, and as long as you do it with decency. Thanks!