Cyber Criminals Use CAPTCHA To Spread Malware

Legitimate advertising tools are being exploited by cyber criminals to conceal their illicit campaigns and track victims to see how responsive they are to malware links, new analysis reveals. HP Wolf Security has identified DarkGate, a group of online criminals using legal advertising tools to boost their spam-based malware attacks.

The DarkGate gang’s modus operandi involves initiating email phishing campaigns designed to entice recipients into clicking on infected PDF files.

According to HP Wolf Security’s latest Threat Insights Report, the researchers saw threat actors using malicious PDF attachments posing as OneDrive error messages, which direct users to sponsored content hosted on popular ad networks.

The security report claims DarkGate has been operating as a malware provider since 2018, with an apparent shift in tactics last year of using legitimate advertisement networks “to track victims and evade detection.” However, instead of directly redirecting victims to malware payloads upon clicking, DarkGate routes them through legitimate online ad networks. This tactic, while seemingly innocuous, facilitates the group’s ability to gather analytics on victim responsiveness while cloaking their malicious intentions.

The claims are that by using ad services, threat actors can analyse which lures generate clicks and infect the most users, helping them refine campaigns for maximum impact.

According to Cybernews, DarkGate targets potential victims with an email phishing campaign that encourages them to click on an infected PDF file. Then, instead of re-routing the target directly to the payload upon clicking it, the DarkGate campaign sends them to a legitimate online ad network first.

“Using an ad network as a proxy helps cyber criminals to evade detection and collect analytics on who clicks their links,” reads the report. This lets DarkGate lean on the ad company’s own defences and use them to conceal its malicious activities.

“Since the ad network uses CAPTCHAs to verify real users to prevent click fraud, it’s possible that automated malware analysis systems will fail to scan the malware because they are unable to retrieve and inspect the next stage in the infection chain, helping the threat actor to evade detection,” explained Wolf Security.

Another advantage of being routed through a legitimate ad network domain and asked to pass a CAPTCHA test is that it makes the whole situation appear more plausible and adds to the campaign’s guise of legitimacy.
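The evasion described above works because an analyser that stops at the CAPTCHA has not seen the next stage, yet may still report the attachment as clean. The following added example (not HP Wolf’s or DarkGate’s code) shows fail-closed verdict logic for a URL analyser: a redirect chain that ends at a CAPTCHA or an error is reported as inconclusive and held, not released as benign. Hostnames, the ad-network label list and the hop records are constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Hop:
    """One HTTP hop recorded while an automated analyser followed a lure link."""
    url: str
    status: int
    content: str  # coarse classification of the response body


# Hostname labels assumed (placeholder list) to indicate an ad/click-tracking network.
AD_NETWORK_LABELS = {"adclick", "ads", "adserver", "sponsored"}


def routed_via_ad_network(hops):
    """True if any hop's hostname carries one of the ad-network labels."""
    for h in hops:
        host = urlparse(h.url).hostname or ""
        if AD_NETWORK_LABELS & set(host.split(".")):
            return True
    return False


def classify_chain(hops):
    """Return (verdict, reason). An unfinished chain is 'inconclusive', never
    'benign': a CAPTCHA hid the next stage, it did not prove the chain clean."""
    if not hops:
        return "inconclusive", "no hops recorded"
    last = hops[-1]
    if last.content == "captcha":
        why = "chain stops at a CAPTCHA; next stage never retrieved"
        return "inconclusive", why + (" via ad network" if routed_via_ad_network(hops) else "")
    if last.content in ("executable", "script", "archive"):
        return "malicious", "final stage is a downloadable payload"
    if last.status >= 400:
        return "inconclusive", f"final hop returned HTTP {last.status}"
    return "benign", "chain resolved to ordinary content"


def should_quarantine(verdict):
    """Fail closed: only a fully resolved benign chain releases the attachment."""
    return verdict != "benign"


# Constructed sample chains; hostnames are placeholders, not real indicators.
DARKGATE_STYLE = [
    Hop("https://onedrive-error.example/view.pdf", 200, "pdf"),
    Hop("https://adclick.network.example/c?id=123", 302, "redirect"),
    Hop("https://network.example/verify", 200, "captcha"),
]
RESOLVED = DARKGATE_STYLE[:2] + [Hop("https://cdn.example/update.msi", 200, "executable")]
ORDINARY = [Hop("https://docs.example/report.pdf", 200, "pdf")]
```

Run on the three constructed chains, the DarkGate-style chain is held as inconclusive rather than released, which is the policy the report’s observation calls for.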

Even well-trained employees can be fooled by this campaign. “The threat actor behind these campaigns is adept at creating persuasive social engineering lures that are difficult to spot, even for employees who have completed phishing awareness training,” according to HP Wolf.

Sources: Cybernews   |   I-HIS   |   CyberMaterial   |   LinkedIn   |   Cybernews   |   Science Of Security   |   Tech Radar

Image: Viktor Morozuk

