Fake CAPTCHA Scam: Proving You're A Human Could Make You A Victim Of Cyberattack - How To Stay Safe

Hyderabad: A new scam, known as the CAPTCHA Scam, has emerged. It usually starts with a harmless web search, such as looking for the website of a product the user is interested in. Once the link is clicked, a familiar dialog box pops up asking the user to prove that they are human.

While the pop-up box may seem harmless, it could be a trap. One wrong click by a user trying to prove they are not a bot can end with their system infected by malware.

What is a Fake CAPTCHA scam?

Completely Automated Public Turing test to tell Computers and Humans Apart, or CAPTCHA, is a security tool that confirms whether a user is human or a bot. It involves distorted text, image selection, audio cues, simple puzzles, or just ticking a checkbox (known as reCAPTCHA).

Nowadays, cybercriminals have copied these tests to trick users into downloading malware onto their systems. Fake CAPTCHAs are usually disseminated via compromised websites, malicious ads, or phishing emails. These fake websites may appear to be domains of popular websites, encouraging users to enable browser notifications or download files under the guise of verification.

Unusual tasks appear after clicking the 'Verify' button on a fake CAPTCHA. (Image Credit: CloudSEK)

According to a report shared by CloudSEK, the fake CAPTCHA is an attack technique in which cybercriminals set up look-alike human verification pages that trick Windows users into unknowingly downloading and installing the Lumma Stealer malware.

This malware is specifically designed to steal sensitive information from users’ computers, including passwords, browsing history, financial data, and cryptocurrency wallet details. It is known for being available via a Malware-as-a-Service (MaaS) model on underground forums, making it accessible to a wide range of cybercriminals.

How does Lumma Stealer work?

Cybercriminals create phishing websites hosted on various providers, often behind Content Delivery Networks (CDNs), that present the visitor with a fake Google CAPTCHA page.

Lumma Stealer malware as a Malware-as-a-Service (MaaS) model (Image Credit: CloudSEK)

Once a user lands on the fake website and clicks the “Verify” button, they are presented with the following unusual instructions: