Products You May Like
Cybersecurity researchers at McAfee Labs have identified a widespread malware distribution campaign dubbed “ClickFix” that uses fake CAPTCHA pages to infect users with Lumma Stealer malware, PCMag reports. The attack is said to have a global reach and mainly targets users looking for cracked pirated games and GitHub users.
The infection spreads in two main ways. In the first scenario, users who search for pirated or cracked games are redirected to malicious CAPTCHA pages. The second scenario uses phishing emails impersonating GitHub to tell users about made-up security risks in their projects.
In both scenarios, users are presented with fake CAPTCHA pages asking them to verify they’re human. And as soon as the users interact with these pages, bam: A malicious script is covertly copied to their clipboard. They are then asked to paste and execute this script, unknowingly beginning the malware infection in their system.
The ClickFix campaign employs several smart ways to avoid detection. These include multi-layer encryption of malicious scripts, misuse of a Windows tool called mshta.exe to run hidden code, and AES-encrypted PowerShell commands used to download and install the Lumma Stealer payload.
McAfee’s analysis reveals that the malware is generally saved in the user’s temporary folder, a location often overlooked by security scans. The company has implemented protective measures, including URL blocking of known fake CAPTCHA pages and comparatively easier ways to spot unusual use of mshta.exe.
To mitigate risks, experts advise against downloading cracked or pirated software and caution users to be wary of unsolicited emails, even those appearing to come from trusted sources. But they mainly emphasize not copying and pasting scripts from unverified sources and keeping security software up-to-date.
Overall, this campaign emphasizes cybercriminals’ changing tactics. They exploit common user behaviors and trust in familiar web elements such as CAPTCHA verification. Ongoing vigilance and education are crucial for maintaining cybersecurity as these threats become more sophisticated.