Sneaky malware abuses CAPTCHA to bypass browser protections

Cybersecurity experts have shared details about a novel malware campaign that bypasses browser warnings by tricking users into complying with a fake CAPTCHA challenge.

The security researchers known as the MalwareHunterTeam provided BleepingComputer with a suspicious-looking URL, which takes victims to a webpage that includes an embedded YouTube video. 

As soon as the victims hit the Play button, the webpage downloads an executable named console-play.exe, which it camouflages behind a fake CAPTCHA challenge.

Decoding the trickery, BleepingComputer reveals that the fake CAPTCHA gets victims to press the keys that overrule the browser’s warning about the executable file, which lets the malicious file through so it can download the malware onto the computer.

CAPTCHA trickery

Since the file that the Play button asks the browser to download is an executable, virtually all modern web browsers will display a prompt asking the users to confirm the action. 

To bypass this warning, the scam brings up the fake CAPTCHA challenge, which prompts the user to enter a series of keys. Embedded within the list of keys to be pressed are the Tab key and the Enter key.

The Tab key moves the focus within the browser’s prompt to the option that ignores the warning, and the Enter key confirms that choice and downloads the file.

Once the malicious executable is on your computer, it will jump through hoops before downloading the Gozi/Ursnif banking trojan, which then steals account credentials and further infects the computer by pulling in more malware.

Notably, this is the second scam in as many weeks that has capitalized on internet users’ trust in CAPTCHA challenges to manipulate victims.

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
