Tag Archive for: CAPTCHA

DarkGate gang using CAPTCHA to spread malware


Legal advertising tools are being leveraged by cybercriminals to conceal their illicit campaigns and track victims to see how responsive they are to malware links, an analyst warns.

Hewlett Packard’s latest threat insights disclosure was revealed today (February 15th) and shines a light on DarkGate, a consortium of web-based criminals who are using legal advertising tools to augment their spam-based malware attacks.

Hewlett’s threat research team, HP Wolf Security, says it tracked DarkGate, observed operating as a malware provider since 2018, and noticed a shift in tactics last year that entailed using legitimate advertisement networks “to track victims and evade detection.”

It added: “By using ad services, threat actors can analyze which lures generate clicks and infect the most users – helping them refine campaigns for maximum impact.”

DarkGate targets potential victims with a carefully crafted email phishing campaign that encourages them to click on an infected PDF file – so far, so normal.

But instead of rerouting the target directly to the payload once they do click, the DarkGate campaign sends them to a legitimate online ad network first.

“The ad URL contains identifiers and the domain hosting the file,” said Wolf Security. “In the backend definition of the ad link, the threat actor defines the final URL, which is not shown in the PDF document. Using an ad network as a proxy helps cybercriminals to evade detection and collect analytics on who clicks their links.”

Turning defense into attack

This ploy also allows DarkGate to lean into the ad company’s own defenses – cunningly using these to conceal its own nefarious activities.

“Since the ad network uses CAPTCHAs to verify real users to prevent click fraud, it’s possible that automated malware analysis systems will fail to scan the malware because they are unable to retrieve and inspect the next stage in the infection chain, helping the threat actor to evade detection,” said Wolf Security.

This has the added benefit of making the lure appear more plausible – being routed through a legitimate ad network domain and asked to pass a CAPTCHA test only adds to the campaign’s veneer of…


Encrypted email provider Proton has built its own CAPTCHA service



Proton, the Swiss company that develops privacy-focused online services such as email, has developed its very own CAPTCHA service to help discern between genuine login attempts and bots — and it touts the new system as the world’s first CAPTCHA that is “censorship resistant.”

The company said it has already been testing its CAPTCHA system for several months, and has now transitioned to its home-grown solution entirely.

“As we investigated available CAPTCHA options, we weren’t satisfied, so we decided to develop our own,” Eamonn Maguire, a former Facebook engineer who now heads up Proton’s machine learning team, wrote in a blog post. “Our primary goal was to provide a system that doesn’t compromise on privacy, usability and accessibility, or security.”

CAPTCHAs, a contrived acronym that stands for the decidedly less-punchy “completely automated public Turing test to tell computers and humans apart,” have long been used on the web to prevent bots from creating multiple accounts with a specific service, or illicitly trying to access someone else’s account through credential stuffing. This is usually presented to the user in the form of a visual or cognitive challenge, one that is relatively easy for a human to complete but difficult for a machine.

CAPTCHAs, while generally effective, come with trade-offs in terms of usability, accessibility, cultural biases, and annoyances that businesses would prefer not to impose on their users. This is why companies such as Apple and Cloudflare have sought ways to tell the difference between humans and bots automatically using alternative mechanisms, such as through device and telemetry data.

And then there is the elephant in the room that is data privacy, with some CAPTCHA services — notably Google’s reCAPTCHA — collecting hardware and software data. And for a company such as Proton, which has built an entire business off the back of privacy-focused tools such as email, a VPN, a password manager, cloud storage, and a calendar, it doesn’t make a whole heap of sense to compromise its reputation through relying on such third-party…


Before you fill out a CAPTCHA form on a website, know a scammer could be behind it


The chances are good that you have come across a human authentication system online. In Google’s version, you are usually asked to point out things like cars, traffic lights or fire hydrants. Other websites might use the popular CAPTCHA test.

A word or a phrase is usually displayed in a strange font or typeface. This is done so that computers can’t “read” the letters, as only a human can decipher the code. Interestingly, Google acquired the reCAPTCHA deployment system in 2019.

Cybercriminals are now using the same technology to target potential victims. While the use of CAPTCHA as a scam delivery system isn’t new, the frequency of online deployment has increased. Here’s what to look out for, and how to stay safe.

Here’s the backstory

Visual puzzles aren’t the preferred method for scammers. But a recent report by Proofpoint showed that attacks using CAPTCHA increased by 50 times compared to last year. The technology itself isn’t the scam, but it lends more credibility to the overall scam.

Scams can be delivered through phishing emails or targeted attacks, and CAPTCHA ensures that the criminal targets a real person. It can also be used to determine where the victim is from.

Once the potential victim opens the phishing email, they might be asked to log into a website or service. To make it look more authentic, cybercriminals will insert a CAPTCHA verification. Some people will then assume that the resulting webpage is real, which it most certainly isn’t.

But why are more people falling for the CAPTCHA scam? It might have something to do with working from home.

“Remote workers may have been more distracted and cognitively taxed under the stresses of 2020. Perhaps some were even primed by new remote-work controls to see the CAPTCHA question as a normal security challenge,” the report explained.

Research also indicated that these attacks could have been linked to the Emotet botnet that caused havoc last year. A cybercriminal campaign sent out massive amounts of spam email, many of which often used world…


Google fixes flaw in Audio CAPTCHA (Robert McMillan/Computerworld)

Robert McMillan / Computerworld (IDG News Service): Google has fixed a flaw in its Audio CAPTCHA software that could have given scammers a way to automatically set up phony accounts with the company’s services. The flaw was described in a post to the Full Disclosure mailing list Monday.
