HP Warns of Malware via Fake CAPTCHA Tests


In its latest Threat Insights Report, HP has identified multiple cyberattacks where hackers use fake CAPTCHA tests to spread malware. By exploiting the growing ‘click tolerance’ among users, criminals succeed in infecting systems through multiple verification steps.

According to the report, cybercriminals are taking advantage of the fact that users have become accustomed to extensive authentication processes. In certain campaigns, victims are led to malicious websites where they must complete fake CAPTCHA tests. This activates a PowerShell command that installs the Lumma Stealer remote access trojan (RAT).

HP also warns about the spread of XenoRAT, an open-source RAT with features to take over webcams and microphones. Attackers use social engineering methods to persuade users to enable macros in Word and Excel documents, giving them full control over the infected systems.


Additionally, HP observes how hackers employ SVG images to spread malware. Attackers hide malicious JavaScript code in these images, which are automatically opened by web browsers. This allows them to distribute multiple forms of malware, including RATs and infostealers.

Increase in Attack Methods

The report, based on data from the fourth quarter of 2024, shows that cybercriminals are diversifying their methods to bypass detection systems. It was found that at least eleven percent of email threats managed to pass through one or more email gateways. Furthermore, executable files were the most commonly used method to spread malware (43%), followed by archive files (32%).

According to Ian Pratt, Global Head of Security for Personal Systems at HP, the findings demonstrate that awareness training alone is not sufficient. “Users increasingly follow multiple steps in an infection chain, which exposes the limitations of traditional awareness training. Organizations need to focus on reducing their attack surface, for example by isolating risky actions such as clicking on suspicious links.”