The Internet is a fascinating but sometimes dangerous place. Recently, a new scam was brought to light by Kaspersky, the well-known cybersecurity company, and it might surprise you. This fraud hides behind fake CAPTCHA tests, those familiar little tests that ask us to prove that we are not robots. If you thought CAPTCHAs were just there to annoy us with their traffic light images, think again: cybercriminals have found a new way to use them for their own gain.
A scam technique that spreads quickly
Kaspersky alerted Windows users in an article on its blog last week. The scheme is simple: attackers use fake advertisements to redirect Internet users to pages displaying a fake CAPTCHA test. The campaign was initially targeted at pirated gaming sites, but the cybercriminals have since broadened their scope. Today, these fake CAPTCHAs can be found on adult sites, file sharing services, and even betting platforms. You’re probably imagining the scene: you’re just trying to discover content, and you find yourself stuck with this so-called security test.
What is this scam really about?
The principle is quite tricky. Once the victim clicks on the fake ad, they are redirected to a CAPTCHA test which appears completely normal. But after “passing” this test, the victim is asked to execute code using the Windows “Terminal” tool. You might think that it’s nothing serious, but that’s where everything changes: this simple copy and paste triggers the installation of a virus on the computer.
I have always thought that no security software can replace human vigilance. And it’s even more true here. This virus, once installed, can steal all kinds of sensitive data: your passwords, your banking information, everything you carefully keep on your computer. The criminals’ objective is clear: to access this information in order to plunder your online accounts in particular, without the risk of being caught quickly.
Be vigilant: how to protect yourself?
It is essential to remain cautious, especially when advertisements or pop-ups ask you to take action without your having requested anything. Never let yourself be caught off guard by a request to copy and paste code into a terminal if you don’t know where it comes from. Additionally, remember to always have up-to-date cybersecurity software on your device. Companies such as Kaspersky, Norton, or McAfee provide tools to detect these types of attacks before they cause damage.
Nobody likes CAPTCHAs, but it’s better to deal with a few annoying clicks than to fall victim to this kind of scam. In short, the best weapon against this type of attack remains our vigilance: if something seems strange to you, it is better to close the window and not take any risks.