Threat actors have used fraudulent CAPTCHAs to deploy the Lumma information-stealing malware and the Amadey botnet in a new attack campaign that began in mid-September and primarily targeted Brazil, Spain, Italy, and Russia, according to The Record, a news site by cybersecurity firm Recorded Future.
Malicious sites have been used to redirect visitors to a CAPTCHA, where clicking the "I'm not a robot" button and then copying and executing malicious code results in the delivery of the Lumma infostealer, which not only compromises cryptocurrency wallets and browser-stored data but also generates revenue by increasing traffic to online stores, a report from Kaspersky showed. Other attacks in the campaign involved the delivery of the Amadey botnet, which enables browser credential and cryptocurrency wallet compromise, as well as screenshot capturing and Remcos RAT deployment for total device takeovers, said researchers.