Malicious use of reCaptcha

guest · May 2, 2020

Phishers Increasingly Incorporating reCaptcha API into Campaigns
May 1, 2020
https://www.tripwire.com/state-of-s...y-incorporating-recaptcha-api-into-campaigns/

Security researchers observed that digital attackers are increasingly incorporating the reCaptcha API into their phishing campaigns.

Barracuda Networks explained that malicious actors are starting to outfit their phishing attempts with reCaptcha walls so that they can shield their landing pages from automated URL analysis tools as well as add a sense of legitimacy to their operations.
Yet the security firm revealed that it’s increasingly seeing fewer fake reCaptcha boxes as attackers continue to embrace the actual API. Indeed, it spotted just one fake box compared to 100,000 phishing emails using the real deal.

Barracuda Networks revealed that it had discovered a campaign consisting of no less than 128,000 attack emails. All of those messages informed recipients that they had a voicemail awaiting them and that they could access a recording of it by clicking on an attachment. Once clicked, that HTML file redirected recipients to a page that contained only the reCaptcha wall.
Click to expand...

The security firm explained what happened after a user completed the reCaptcha challenge:

Once the user solves the reCaptcha in this campaign, they are redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page. It is not clear whether the page’s appearance matches the user’s legitimate mail server, but it’s possible that using some simple reconnaissance the attacker could find this sort of information to make the phishing page even more convincing.
Click to expand...

Barracuda: Threat Spotlight: Malicious use of reCaptcha

The most important step in protecting against malicious reCaptcha walls is to educate users about the threat so they know to be cautious instead of assuming a reCaptcha is a sign that a page is safe. Users should exercise scrutiny when seeing reCaptcha walls, especially in unexpected places where legitimate walls have not been encountered in the past.

While this trick with reCaptcha makes it harder for automated URL analysis to be done, the email itself still a phishing attack and may be detected by email protection solutions. Ultimately, however, no security solution will catch everything, and the ability of the users to spot suspicious emails and websites is key.
Click to expand...

mirimir · May 2, 2020

I consider all reCaptcha use to be malicious.

guest · Oct 1, 2020

Phishing pages leverage CAPTCHAs to fool users, evade detection
October 1, 2020
https://www.scmagazine.com/home/sec...erage-captchas-to-fool-users-evade-detection/

Cyberattackers targeting the hospitality industry were recently observed using a phishing page that featured CAPTCHA technology as a way to elude detection, as well as to give potential victims a false sense of security that the malicious site was legit.

The scam was revealed yesterday in a blog post from Menlo Security – the latest in a string of reports this year from security companies that have warned of this social engineering and evasion technique.
A CAPTCHA (sometimes referred to as a reCAPTCHA – a version developed by Google) is a test placed on websites to determine whether a visitor is a genuine human or an unwanted bot.
Click to expand...

But Menlo Security and other cyber firms like Armorblox, KnowBe4 and Barracuda Networks have noted that attackers have been using CAPTCHAs – sometimes multiple layers of them – on their phishing sites to gain two advantages.

“Gaining access to reCAPTCHA only really requires signing up for the service with Google and getting an API key,” said Tanner. “It’s possible that Google has already or will in the future scrutinize new accounts more thoroughly [...].”
Howes suspects that malicious actors are likely taking advantage of free, open-source implementations of CAPTCHA, or even developing their own versions.

At least there are ways for users to spot a fraudulent CAPTCHA – and managers of security awareness programs may want to alert their trainees to look out for these signs.
Click to expand...

Menlo Security: Menlo Threat Labs Uncovers a Phishing Attack Using Captchas

Log in or Sign up

Malicious use of reCaptcha

guest Guest

mirimir Registered Member

guest Guest

Log in or Sign up

Malicious use of reCaptcha

guest Guest

mirimir Registered Member

guest Guest

Useful Searches