[THIS IS A PRESS RELEASE]
A new wave of the malicious campaign that is spread through web ads and aimed at Windows PC users was discovered by Kaspersky. While browsing the web, users may unknowingly click on an ad that invisibly covers the entire screen, redirecting them to a fake CAPTCHA page or a fake Chrome error message that prompts them to follow steps to download stealers. Kaspersky’s telemetry recorded over 140,000 encounters with these malicious ads in September and October 2024, and more than 20,000 users were redirected to the fake pages hosting malicious scripts. Most often these were users from Brazil, Spain, Italy, and Russia. To stay safe, experts advise users to exercise caution and avoid following suspicious prompts for action online.
A CAPTCHA is a security feature used on websites and in apps to verify whether a user is human or an automated program or bot. Earlier this year, there were reports of attackers distributing the Lumma stealer using fake CAPTCHAs, primarily targeting gamers. When browsing gaming websites, users were lured into clicking on an ad that covered the entire screen. They were redirected to a fake CAPTCHA page with instructions below the prompt tricking them into downloading the stealer. When users clicked the I'm not a robot button, an encoded Windows PowerShell command was copied to their PC’s clipboard. They were then prompted to paste it into the terminal box and press Enter, inadvertently downloading and launching Lumma. The malware searched for cryptocurrency-related files, cookies, and password manager data on the victim's device. It also visited the webpages of various e-commerce platforms, boosting their view counts, giving the attackers additional financial gain.
