Cyber Criminals Use CAPTCHA To Spread Malware

Uploaded on 2024-03-18 in TECHNOLOGY--Hackers, FREE TO VIEW

Legitimate advertising tools are being exploited by cyber criminals to conceal their illicit campaigns and track victims to see how responsive they are to malware links, new ana;ysis reveals. HP Wolf Security’has identified DarkGate, a group of online criminals using legal advertising tools to boost their spam-based malware attacks. 

The DarkGate gang’s modus operandi involves initiating email phishing campaigns designed to entice recipients into clicking on infected PDF files.

According to HP Wolf Security’s latest Threat Insights Report  the researchers saw threat actors using malicious PDF attachments posing as OneDrive error messages, which direct users to sponsored content hosted on popular ad networks.

The security report claims DarkGate has been operating as a malware provider since 2018, with an apparent shift in tactics last year of using legitimate advertisement networks “to track victims and evade detection.” However, instead of directly redirecting victims to malware payloads upon clicking, DarkGate routes them through legitimate online ad networks. This tactic, while seemingly innocuous, facilitates the group’s ability to gather analytics on victim responsiveness while cloaking their malicious intentions.

The claims are that by using ad services, threat actors can analyse which lures generate clicks and infect the most users, helping them refine campaigns for maximum impact.

According to Cybernews, DarkGate targets potential victims with an email phishing campaign that encourages them to click on an infected PDF file. Then instead of rer-outing the target directly to the payload upon clicking it, the DarkGate campaign sends them to a legitimate online ad network first.

“Using an ad network as a proxy helps cyber criminals to evade detection and collect analytics on who clicks their links,” reads the report, which allows DarkGate to lean into the ad company’s own defences and use them to conceal its malicious activities.

“Since the ad network uses CAPTCHAs to verify real users to prevent click fraud, it’s possible that automated malware analysis systems will fail to scan the malware because they are unable to retrieve and inspect the next stage in the infection chain, helping the threat actor to evade detection,” explained Wolf Security.

Another advantage of being routed through a legitimate ad network domain and asked to pass a CAPTCHA test is that it makes the whole situation appear more plausible and adds to the campaign’s guise of legitimacy.

Even well-trained employees can be fooled by this campaign, “The threat actor behind these campaigns is adept at creating persuasive social engineering lures that are difficult to spot, even for employees who have completed phishing awareness training.” according to HP Wolf.

Cybernews   |   I-HIS     |     CyberMaterial     |     LinkedIn     |     Cybernews     |     Science Of Security     |    

Tech Radar   |

Image: Viktor Morozuk

You Might Also Read: 

Beware PowerPoint Files With Hidden Malware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Deepfakes Deployed In Mobile Banking Malware Attacks
Iranian Spy Ship Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

Logically Secure

Logically Secure

Logically Secure provide penetration testing and security assessment services.

Executive Women's Forum (EWF)

Executive Women's Forum (EWF)

The Executive Women's Forum is the largest member organization serving emerging leaders and influential female executives in the Information Security, Risk Management and Privacy industries.

Upstream Security

Upstream Security

Upstream Security is the first cloud-based cyber-security solution that protects the technologies and applications of connected and autonomous vehicles.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

Moore ClearComm

Moore ClearComm

Moore ClearComm is part of Moore Kingston Smith a leading UK firm of accountants and business advisers. Our services include Data Privacy, Cyber Security, Business Continuity and Information Security.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.

Scinary Cybersecurity

Scinary Cybersecurity

Scinary was founded in 2015 on the premise that cybersecurity should not be limited to just large corporations or large government entities.

Whiteswan Identity Security

Whiteswan Identity Security

At Whiteswan, we are committed to protecting the digital landscapes of modern enterprises with adaptive, identity-first security solutions that ensure trust, compliance, and resilience.