Fake “Captcha” to install malware on Windows computers

Cybersecurity researchers are warning of a malware distribution campaign using fake “Captchas”. Hackers use these small identification tests – which are used to prove that an Internet user is indeed human and not a robot – to trap Windows users and install malicious software on their machines without their knowledge.

Experts from IT security company McAfee have identified two infection vectors leading users to these fake Captchas: one via URL links to download pirated games, the other through phishing emails. For example, users of the GitHub platform were targeted by fraudulent emails inviting them to correct an alleged security issue.

Once on the page, Internet users are encouraged to click on buttons “Check that you are human” or “I am not a robot”. This action has the effect of opening the Windows clipboard and pasting a script there – that is to say a series of commands allowing you to automate a task. A message then invites the user to perform a series of commands: “1. Press Windows key + R. 2. Appuyer sur CTRL + V. 3. Press Enter,” McAfee says in a blog post (new window).

Cryptocurrency wallets in the spotlight

By performing this operation, the victim unknowingly installs malware, which will scan all the contents of their computer and identify files associated with cryptocurrency wallets in order to steal them. Hackers will then search for credentials stored by web browsers, including the history of password managers, a blog post says (new window) from the cybersecurity company Kaspersky.

• Read also

  Massive leak at Free: what happens to your personal data once it has been hacked?

While the “Lumma Stealer” malware has been known for a long time, “Amadey” appeared in 2018, and it can be easily obtained for around $500 on Russian-speaking hacking forums, Kaspersky experts say. According to the IT security company, the most affected Windows users are mainly in Brazil, Spain, Italy and Russia. But French users are also targeted. Be careful, then!