Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware
2021-08-13 21:04

Cyberattackers are using Google's reCAPTCHA and fake CAPTCHA-like services to obscure various phishing and other campaigns, according to researchers.

CAPTCHAs are familiar to most internet users as the challenges that are used to confirm that they're human.

"Hiding phishing content behind CAPTCHAs prevents security crawlers from detecting malicious content and adds a legitimate look to phishing login pages," according to a Friday writeup from Palo Alto Networks' Unit 42.

Besides the endless litany of phishing campaigns, scam campaigns and malicious gateways using CAPTCHA evasion are on the rise, according to Unit 42.

The good news, according to Unit 42 researchers, is that it's possible to detect phishing pages through the association of CAPTCHA keys.

"We see many malicious campaigns reuse CAPTCHA service keys, either to simplify their malware infrastructure or to avoid being blocked by the legitimate reCAPTCHA provider for creating too many CAPTCHA accounts and keys," they explained.
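The key-association idea above can be sketched as follows. This is an added example, not code from Unit 42 or the original article: it extracts reCAPTCHA site keys from page HTML and flags unlabelled pages that share a key with a known-malicious page. The function names, URLs and keys are constructed for illustration.

```python
import re
from collections import defaultdict

# Site keys are public values embedded in page markup: the data-sitekey
# attribute (reCAPTCHA v2 widget) or the render= parameter of api.js (v3).
# The {20,} length floor skips non-key values such as render=explicit.
SITEKEY_PATTERNS = [
    re.compile(r'data-sitekey\s*=\s*["\']([\w-]{20,})["\']', re.I),
    re.compile(r'recaptcha/api\.js\?[^"\'>\s]*\brender=([\w-]{20,})', re.I),
]

def extract_sitekeys(html):
    """Return the set of CAPTCHA site keys found in one page's HTML."""
    keys = set()
    for pattern in SITEKEY_PATTERNS:
        keys.update(pattern.findall(html))
    return keys

def flag_by_shared_key(pages, known_bad_urls):
    """Map each unlabelled URL to the keys it shares with known-bad pages."""
    key_to_urls = defaultdict(set)
    for url, html in pages.items():
        for key in extract_sitekeys(html):
            key_to_urls[key].add(url)
    # A key is suspicious once any page already labelled malicious uses it.
    bad_keys = {k for k, urls in key_to_urls.items() if urls & known_bad_urls}
    flagged = defaultdict(set)
    for key in bad_keys:
        for url in key_to_urls[key] - known_bad_urls:
            flagged[url].add(key)
    return dict(flagged)

# Constructed sample data: placeholder domains and made-up keys, not real IoCs.
KEY_A = "6LcEXAMPLEAAAAAAconstructedkey0000000001"
KEY_B = "6LcEXAMPLEAAAAAAconstructedkey0000000002"
API = "https://www.google.com/recaptcha/api.js"
PAGES = {
    "https://login.example.test/a":
        f'<div class="g-recaptcha" data-sitekey="{KEY_A}"></div>',
    "https://portal.example.test/b":
        f'<script src="{API}?onload=cb&render={KEY_A}"></script>',
    "https://shop.example.test/c":
        f"<div class='g-recaptcha' data-sitekey='{KEY_B}'></div>",
    "https://blog.example.test/d":
        f'<script src="{API}?render=explicit"></script>',
}
KNOWN_BAD = {"https://login.example.test/a"}

if __name__ == "__main__":
    for url, keys in flag_by_shared_key(PAGES, KNOWN_BAD).items():
        print(url, sorted(keys))
```

A shared key is a pivot for analyst review, so a hit should be confirmed against the page content before blocking.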


News URL

https://threatpost.com/cyberattackers-captchas-phishing-malware/168684/