Cyber Criminals Use CAPTCHA To Spread Malware
Legitimate advertising tools are being exploited by cyber criminals to conceal their illicit campaigns and track victims to see how responsive they are to malware links, new ana;ysis reveals. HP Wolf Security’has identified DarkGate, a group of online criminals using legal advertising tools to boost their spam-based malware attacks.
The DarkGate gang’s modus operandi involves initiating email phishing campaigns designed to entice recipients into clicking on infected PDF files.
According to HP Wolf Security’s latest Threat Insights Report the researchers saw threat actors using malicious PDF attachments posing as OneDrive error messages, which direct users to sponsored content hosted on popular ad networks.
The security report claims DarkGate has been operating as a malware provider since 2018, with an apparent shift in tactics last year of using legitimate advertisement networks “to track victims and evade detection.” However, instead of directly redirecting victims to malware payloads upon clicking, DarkGate routes them through legitimate online ad networks. This tactic, while seemingly innocuous, facilitates the group’s ability to gather analytics on victim responsiveness while cloaking their malicious intentions.
The claims are that by using ad services, threat actors can analyse which lures generate clicks and infect the most users, helping them refine campaigns for maximum impact.
According to Cybernews, DarkGate targets potential victims with an email phishing campaign that encourages them to click on an infected PDF file. Then instead of rer-outing the target directly to the payload upon clicking it, the DarkGate campaign sends them to a legitimate online ad network first.
“Using an ad network as a proxy helps cyber criminals to evade detection and collect analytics on who clicks their links,” reads the report, which allows DarkGate to lean into the ad company’s own defences and use them to conceal its malicious activities.
“Since the ad network uses CAPTCHAs to verify real users to prevent click fraud, it’s possible that automated malware analysis systems will fail to scan the malware because they are unable to retrieve and inspect the next stage in the infection chain, helping the threat actor to evade detection,” explained Wolf Security.
Another advantage of being routed through a legitimate ad network domain and asked to pass a CAPTCHA test is that it makes the whole situation appear more plausible and adds to the campaign’s guise of legitimacy.
Even well-trained employees can be fooled by this campaign, “The threat actor behind these campaigns is adept at creating persuasive social engineering lures that are difficult to spot, even for employees who have completed phishing awareness training.” according to HP Wolf.
Cybernews | I-HIS | CyberMaterial | LinkedIn | Cybernews | Science Of Security |
Image: Viktor Morozuk
You Might Also Read:
Beware PowerPoint Files With Hidden Malware:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible
