El lado del mal - Artificial Intelligence and the business of solving "Cognitive Captchas" for cybercrime. https://www.elladodelmal.com/2025/04/inteligencia-artificial-y-el-negocio-de.html #Captcha #FunCaptcha #ReCaptcha #AWS #TurnSite #AI #IA #hCaptcha #Cibercrimen #AkiraBot #Botnet #InteligenciaArtificial #WebScrapping
Evasive Campaign Pushing Legion Loader Malware
A highly evasive web campaign is exploiting clipboard hijacking to trick users into running MSI files containing Legion Loader malware. The campaign employs multiple cloaking strategies, including captcha pages, disguised blog sites, and dynamic download URLs. The malicious script instructs victims to paste content into a Run window, which downloads and displays the MSI file. The campaign uses TDS traffic or affiliate links with short-lived parameters to lead victims to malicious download pages. When accessed without valid parameters, the URLs display benign content. The campaign's infrastructure includes 76 domains resolving to a single IP address, all disguised as blog sites.
Pulse ID: 67f8da7be17ebfb8d197c6b1
Pulse Link: https://otx.alienvault.com/pulse/67f8da7be17ebfb8d197c6b1
Pulse Author: AlienVault
Created: 2025-04-11 09:01:47
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
A spam framework targets website chats/forms using CAPTCHA bypass and network evasion.
New AkiraBot Abuses OpenAI API to Spam Website Contact Forms – Source:hackread.com https://ciso2ciso.com/new-akirabot-abuses-openai-api-to-spam-website-contact-forms-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #ScamsandFraud #AkiraBot #Hackread #security #Captcha #OpenAI #Spam #API #SEO #AI
New AkiraBot Abuses OpenAI API to Spam Website Contact Forms https://hackread.com/akirabot-abuses-openai-api-spam-website-contact-forms/ #ScamsandFraud #Cybersecurity #Security #AkiraBot #Captcha #OpenAI #Spam #API #SEO #AI
New Evasive Campaign Delivers LegionLoader via Fake CAPTCHA & CloudFlare Turnstile
A new malicious campaign has been discovered targeting users searching for PDF documents online. The attack uses fake CAPTCHAs and CloudFlare Turnstile to deliver LegionLoader malware, which then installs a malicious browser extension. The infection chain involves a drive-by download, execution of a VMware-signed application that sideloads a malicious DLL, and use of process hollowing to inject the LegionLoader payload. The browser extension, disguised as 'Save to Google Drive', is installed on Chrome, Edge, Brave and Opera browsers to steal sensitive user data and monitor Bitcoin activities. The campaign has affected over 140 customers, primarily in North America, Asia and Southern Europe, with technology and financial services sectors being the most targeted.
Pulse ID: 67f0e1fafb3df4665f729a46
Pulse Link: https://otx.alienvault.com/pulse/67f0e1fafb3df4665f729a46
Pulse Author: AlienVault
Created: 2025-04-05 07:55:38
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#PorSiTeLoPerdiste How to identify fake CAPTCHAs and avoid scams? https://www.enter.co/empresas/seguridad/como-identificar-los-captcha-falsos-y-evitar-estafas/?utm_source=dlvr.it&utm_medium=mastodon #Seguridad #captcha #reCAPTCHA
A Fake CAPTCHA Leverages Pastejacking Script To Steal Clipboard Data
Pulse ID: 67f1d69283dadce3f7a82b17
Pulse Link: https://otx.alienvault.com/pulse/67f1d69283dadce3f7a82b17
Pulse Author: cryptocti
Created: 2025-04-06 01:19:13
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Social media post I wrote for my employer on other platforms.
2025-04-04 (Friday): Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). These pages ask users to paste script into a Run window. Latest info at
Information from an infection run earlier today at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-04-04-IOCs-forKongTuke-web-inject-leading-to-fake-CAPTHA-page.txt
Of note, we can find legitimate websites with the injected #KongTuke script by pivoting on the KongTuke domain in URLscan:
Proactive ClickFix Threat Hunting with Hunt.io
ClickFix is a browser-based delivery technique that uses deceptive prompts and clipboard hijacking to trick users into executing malicious commands. Cybercriminals and advanced actors employ this method to deploy malware, primarily information stealers. The technique involves luring users with fake system alerts or CAPTCHA challenges, then silently staging payloads for execution. The article describes how Hunt.io's research team used custom queries to identify web infrastructure associated with ClickFix delivery, uncovering multiple live domains serving malicious content. Examples include a Bitcoin-themed domain posing as Cloudflare WAF to deliver Lumma and CryptBot malware, a page targeting Zoho Office Suite credentials, and a compromised website abusing PowerShell. The report emphasizes the growing traction of ClickFix as a low-friction method for malware delivery and credential harvesting.
Pulse ID: 67ef854620c41c3fd65378db
Pulse Link: https://otx.alienvault.com/pulse/67ef854620c41c3fd65378db
Pulse Author: AlienVault
Created: 2025-04-04 07:07:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
BREAKING: NOAA's #weather websites are playing hide and seek this weekend using #Amazon and #Google clouds as their invisibility cloaks.
Meanwhile, Bloomberg's #CAPTCHA robot is holding your browser hostage, demanding JavaScript and #cookies as ransom.
https://www.bloomberg.com/news/articles/2025-04-04/us-weather-agency-websites-to-vanish-under-planned-contract-cuts #NOAA #HackerNews #ngated
How to identify fake CAPTCHAs and avoid scams? https://www.enter.co/empresas/seguridad/como-identificar-los-captcha-falsos-y-evitar-estafas/?utm_source=dlvr.it&utm_medium=mastodon #Seguridad #captcha #reCAPTCHA
SVG Phishing Malware Being Distributed with Analysis Obstruction Feature
A sophisticated phishing malware using Scalable Vector Graphics (SVG) format has been identified. The malware embeds malicious scripts within SVG files, using Base64 encoding to bypass detection. It employs various techniques to obstruct analysis, including blocking automation tools, preventing specific keyboard shortcuts, disabling right-clicks, and detecting debugging attempts. The malware redirects users to a fake CAPTCHA page, which, when interacted with, leads to further malicious actions, potentially a phishing site impersonating Microsoft login pages. This evolving threat highlights the need for increased user vigilance, especially when dealing with SVG files from unknown sources.
Pulse ID: 67ebfca3de542aee8e8fc2ef
Pulse Link: https://otx.alienvault.com/pulse/67ebfca3de542aee8e8fc2ef
Pulse Author: AlienVault
Created: 2025-04-01 14:48:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.