Threat Intelligence

Malware uses CAPTCHA ruse to infect systems

Cyber Security News reports that a growing malware campaign is exploiting fake CAPTCHA pages to spread Lumma Stealer, a powerful information-theft tool marketed through malware-as-a-service platforms.

According to Kaspersky, attackers mimic familiar CAPTCHA systems like Google reCAPTCHA to trick users into copying a malicious PowerShell command from their clipboard. These deceptive pages are often linked from pirated media sites and fraudulent cryptocurrency Telegram groups. Once executed, the command initiates a multi-stage infection chain using advanced evasion techniques, such as DLL sideloading and mshta-based JavaScript execution. Lumma Stealer, which targets credentials, 2FA data, cryptocurrency wallets, and financial information, also checks for antivirus software before deploying its payload. It communicates with remote command-and-control servers using encrypted POST requests. With over 1,000 active subscribers and entry costs starting at $250, the threat is escalating rapidly. Security experts stress the importance of user education and endpoint defenses, warning that corporate systems remain vulnerable to infections that may precede larger-scale attacks like ransomware.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds