Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month
According to Palo Alto Networks Unit 42, the threat actors use a new CAPTCHA-solving system, make more aggressive use of CPU resources for mining, and mix "freejacking" with the "Play and Run" technique to abuse free cloud resources.
Whereas Sysdig identified 3,200 malicious accounts belonging to 'PurpleUrchin,' Unit 42 now reports that the threat actor has created and used over 130,000 accounts on the platforms since August 2019, when the first signs of its activities can be traced.
Unit 42 discovered that the threat actor used containerized components not only for mining but also for trading the mined cryptocurrency across various trading platforms, including ExchangeMarket, crex24, Luno, and CRATEX.
New Play and Run tactics
Play and Run is a term for threat actors using paid resources for profit, in this case, cryptomining, and refusing to pay the bills until their accounts are frozen.
One notable technique employed by Automated Libra is a CAPTCHA-solving system that helps them create many accounts on GitHub without requiring manual intervention.
The threat actors use ImageMagick's "Convert" tool to convert CAPTCHA images into their RGB equivalents and then use the "Identify" tool to extract the Red channel skewness for each image.