That weird CAPTCHA could be a malware trap - here's how to protect yourself

[harlan4096]

Follow the 'I'm not a robot' CAPTCHA, and you might just end up with malware on your PC.
 
A persistent malware campaign is exploiting the ubiquitous CAPTCHA process to try to steal data from unsuspecting victims.

As described by security firm Malwarebytes in a new report, this scheme relies on the ease with which people often follow the steps in a CAPTCHA prompt without thinking.

How the attack worksYou land on a website that promises movies, music, pictures, news articles, or some other interesting content. A CAPTCHA prompt pops up, asking you to prove that you're not a robot. As we're all so used to these types of requests, many of us wouldn't think twice about accepting it.


But instead of the usual CAPTCHA challenge that asks you to choose certain images in a picture or identify distorted characters, this one serves up the instructions seen in the image below:



 At this point, most savvy users would realize that something is off here and exit the site. But remember that cybercriminals aren't targeting savvy users; they're trying to hit people who are less knowledgeable and more easily tricked. Even sophisticated users in a rush or on autopilot could fall prey to the trap.

If you follow the steps, the website copies a text string to your Windows clipboard. Normally, you'd have to grant your permission for such an action, but you already did so by checking a checkbox on the first screen of the CAPTCHA prompt.

Continue Reading...