Behind the CAPTCHA: A Clever Gateway of Malware

Sept. 24, 2024, 2:38 p.m.

Description

A sophisticated infection chain dubbed ClickFix has been observed using fake CAPTCHA pages to distribute Lumma Stealer malware. The campaign targets multiple countries through two main vectors: cracked game download URLs and phishing emails impersonating GitHub. Users are tricked into executing malicious scripts copied to their clipboards, leading to malware installation. The attack employs multi-layered encryption and leverages mshta to bypass detection. Mitigation strategies include user education, robust email filtering, and keeping systems updated. The global reach and deceptive tactics highlight the evolving nature of cyber threats.

Date

Published: Sept. 24, 2024, 2:07 p.m.
Created: Sept. 24, 2024, 2:07 p.m.
Modified: Sept. 24, 2024, 2:38 p.m.

Indicators


Attack Patterns

Lumma Stealer

AsyncRAT

T1048

T1074

T1553.005

T1059.001

T1567

T1012

T1005

T1082

T1083

T1204

T1140

T1132

T1027

T1566