Malicious actors have been using fake CAPTCHA verification pages to facilitate malware deployment, reports Cyber Security News.
Nearly 9,494 breached websites have been leveraged to host the bogus CAPTCHA pages, about 70% of which looked almost visually identical to each other, according to a Censys analysis. Despite the visual similarity, the pages have used multiple infection mechanisms. The most prevalent is clipboard manipulation for PowerShell and VBScript command execution, with the VBScript downloaders and PowerShell-based approaches accounting for almost 1,706 and nearly 1,269 assets, respectively.
MSIEXEC has also been tapped to enable the delivery of illicit Windows Installer packages. Additional findings revealed that counterfeit CAPTCHA pages have also used the Matrix Push command-and-control framework to enable fileless malware deployment. Researchers noted that malware intrusions via fake CAPTCHA pages produce no executable artifacts, allowing them to elude traditional detection approaches.




