A malware attack that avoids automatic detection appears by requesting 'CAPTCHA'



CAPTCHA is a test that reads and inputs sloppy characters etc., and is used to confirm that the responder is not a computer. Microsoft has warned about hacking groups that attack by avoiding automatic detection of security software by intentionally preparing such CAPTCHAs.

To evade detection, hackers are requiring targets to complete CAPTCHAs | Ars Technica
https://arstechnica.com/information-technology/2020/06/to-evade-detection-hackers-are-requiring-targets-to-complete-captchas/

Microsoft warned against using CAPTCHA to bypass automatic malware detection. The victim first accesses the landing page where CAPTCHA is implemented by accessing the URL described in the email or opening the attached Excel file. Then, by unlocking CAPTCHA, it downloads the Trojan horse 'GraceWire' that steals confidential information such as passwords.



This method requires the victim to unzip CAPTCHA in order to download the malicious file. However, by implementing CAPTCHA, it is possible to avoid mechanical 'automatic detection' implemented by security companies and browsers themselves.

According to Microsoft, the attacker is a hacker group called 'CHIMBORAZO'.




According to Jérôme Segura, head of threat intelligence at cybersecurity firm Malwarebytes, malware attacks using CAPTCHAs are rare, but precedents exist. In December 2019, a similar technique was reported to request Google's reCAPTCHA- like CAPTCHA.




“Regularly changing attack routines is one way attackers can outsmart defenders,” said Ars Technica, an IT news site. Attack groups could change attack vectors again in the coming months. Yes, we must be vigilant to prevent all attacks.”

in Security, Posted by log1k_iy