With cyber criminals constantly looking for new ways to attack computer systems, it is important to always remain on your guard.
A recent style of attack involves the use of a fake “CAPTCHA” pop-up box.
You will probably be familiar with CAPTCHA – a challenge–response test which is used to determine whether the user is human. It might require you to type in a phrase that you can see written in non-standard text, which needs a human brain to interpret. Or it might show you a picture that is broken down into a grid of squares and ask you to click on all the squares that contain a certain item.
CAPTCHA in itself is a useful tool and it isn’t a risk to respond to these questions.
However, the recent scam uses the Windows “Run” box to install malware, and it’s important to be aware that the Run box will NEVER be used for any genuine kind of CAPTCHA or authentication.
The scam works by asking you to click on a button that says “I’m not a robot” but then generates a pop-up message asking you to take three sequential steps to prove that you’re human.
- Step 1 asks the user to simultaneously press the Windows icon and the letter “R,” which opens a Windows “Run” prompt.
- Step 2 asks the user to press the “CTRL” key and the letter “V” at the same time. This pastes malicious code that the site has placed on the clipboard.
- Step 3 asks the user to press the “Enter” key. This causes Windows to launch a command which executes a malicious file.
If your business uses a Security Operations Centre detection and response service, then this should identify and contain the threat. However, if you don’t, and the device isn’t quickly isolated, then you may run the risk of other devices across your network being infected.
Even if the affected machine is isolated quickly, it is likely to need rebuilding, which causes disruption, at best.
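For anyone triaging a machine where a user may have followed the three steps above, Windows keeps a per-user history of commands launched from the Run box in the `RunMRU` registry key. The following is an added example, not part of the original article: a small Python check that reads that history and flags entries a user would have little reason to type. The indicator list, the two-indicator threshold and the sample values are assumptions to tune for your own environment.

```python
import re
import sys

# Per-user key where Windows records what was launched from the Run box.
RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Assumed heuristics, not a complete rule set: tune for your environment.
INDICATORS = {
    "script host or downloader": re.compile(
        r"\b(powershell|pwsh|mshta|cmd|wscript|cscript|rundll32|regsvr32|"
        r"msiexec|curl|certutil|bitsadmin)(\.exe)?\b", re.I),
    "remote URL": re.compile(r"https?://", re.I),
    "hidden window or encoded command": re.compile(
        r"\s-(w|windowstyle)\s+h|\s-e(nc\w*)?\s", re.I),
}

def read_runmru():
    """Return {value_name: data} for the logged-on user (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]
        return dict(winreg.EnumValue(key, i)[:2] for i in range(count))

def flag_run_entries(entries, threshold=2):
    """Return (name, command, reasons) for entries hitting >= threshold indicators."""
    findings = []
    for name, data in sorted(entries.items()):
        if name.lower() == "mrulist" or not isinstance(data, str):
            continue  # MRUList only stores the ordering of the other values
        command = data[:-2] if data.endswith("\\1") else data  # drop "\1" suffix
        reasons = [label for label, rx in INDICATORS.items() if rx.search(command)]
        if len(reasons) >= threshold:
            findings.append((name, command, reasons))
    return findings

# Constructed sample data shaped like RunMRU values (not from a real incident).
SAMPLE = {
    "MRUList": "dcba",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": "mshta https://example.invalid/check\\1",
    "d": "powershell -w hidden -enc PLACEHOLDER\\1",
}

if __name__ == "__main__":
    entries = read_runmru() if sys.platform == "win32" else SAMPLE
    for name, command, reasons in flag_run_entries(entries):
        print(f"[!] RunMRU value {name!r}: {command}\n    indicators: {', '.join(reasons)}")
```

Run it in the affected user's own session, because the key lives in that user's registry hive. A clean result does not prove the machine is safe, since the history can be cleared.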
Please share this information with your colleagues as soon as possible and if you have any concerns, or would like to discuss a Detection and Response solution, please contact us as a matter of urgency.