Fake CAPTCHAs have been leveraged to deploy information-stealing malware targeting multiple cryptocurrency wallets and credentials stored across over two dozen web browsers as part of a new ClickFix attack campaign, according to HackRead.

VPN configurations, FTP credentials, and gaming apps have also been targeted by the infostealer, which is launched through a breached website, an analysis from CyberProof showed. Visiting the compromised site prompts clipboard data reading and a dubious PowerShell command execution, resulting in the appearance of a malicious CAPTCHA that lured targets into running a PowerShell command line that downloaded the infostealer.

Attackers also sought to obscure illicit activity by leveraging Donut software, which allowed the use of the VirtualAlloc and CreateThread Windows API functions to conceal the infostealer in the targeted device's memory. Despite being crafted for complete data theft, the infostealer has been flagged by Microsoft Defender due to its inclusion of the "$finalPayload" variable name.
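A triage sketch for the indicators named above, added here as an example; it is not code from CyberProof, HackRead, or Microsoft Defender. It assumes PowerShell script text is already being collected (for instance through script block logging, Event ID 4104); the host names, sample records, and alert policy are constructed for illustration.

```python
import re

# Indicators named in the article: the "$finalPayload" variable name that
# Microsoft Defender flagged, and the two Windows API functions used to run
# the payload from memory. PowerShell identifiers are case-insensitive.
INDICATORS = {
    "finalPayload_var": re.compile(r"\$\{?finalPayload\b", re.IGNORECASE),
    "VirtualAlloc": re.compile(r"\bVirtualAlloc\b", re.IGNORECASE),
    "CreateThread": re.compile(r"\bCreateThread\b", re.IGNORECASE),
}

def match_indicators(script_text):
    """Return the sorted names of the indicators found in one script block."""
    return sorted(n for n, rx in INDICATORS.items() if rx.search(script_text))

def triage(script_text):
    """Assumed policy: the variable name, or both API names together, alerts;
    a single API name alone only goes to review."""
    hits = match_indicators(script_text)
    if "finalPayload_var" in hits or {"VirtualAlloc", "CreateThread"} <= set(hits):
        return "alert", hits
    return ("review", hits) if hits else ("ignore", hits)

# Constructed sample records (host, script text); not taken from the campaign.
SAMPLE_EVENTS = [
    ("WS-01", r"Get-ChildItem C:\Users -Recurse | Measure-Object"),
    ("WS-02", "$finalPayload = <value elided>"),
    ("WS-03", "<type>::VirtualAlloc(<args elided>); <type>::CreateThread(<args elided>)"),
    ("WS-04", "# P/Invoke signature mentioning VirtualAlloc only"),
    ("WS-05", "${FINALPAYLOAD}.Length"),
]

def scan(events):
    """Return (host, verdict, hits) for every record that is not ignored."""
    results = []
    for host, text in events:
        verdict, hits = triage(text)
        if verdict != "ignore":
            results.append((host, verdict, hits))
    return results

if __name__ == "__main__":
    for row in scan(SAMPLE_EVENTS):
        print(row)
```

A match on the variable name alone is a narrow signal tied to this one build, which is why the sketch also pairs the two API names.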




