CyberWire Daily

Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday}

Feb 15, 2025

Nati Tal, Head of Guardio Labs, dives into the dark world of online scams with his insights on the 'DeceptionAds' campaign. He reveals how fake CAPTCHAs trick users into running malicious commands, leading to Lumma malware infections. Nati discusses the deceptive tactics that cybercriminals use to exploit trust and bypass security measures. He highlights the challenges posed by ad networks that facilitate these attacks and the ongoing battle to protect users from such insidious threats, even after takedown efforts.

35:08

Creator website

Episode guests

Nati Tal

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The 'DeceptionAds' campaign exploits user trust in CAPTCHA by tricking them into running harmful commands that install Lumma malware.

Fragmented accountability within the ad network ecosystem complicates efforts to mitigate threats, allowing malicious ads to resurface quickly after takedown attempts.

Deep dives

Understanding Fake Captcha Campaigns

Fake captcha scams are designed to exploit users' familiarity with legitimate captcha challenges. By mimicking typical captcha activities that require users to prove they are human, threat actors trick individuals into executing harmful commands on their computers. When users believe they are completing a harmless task, they unknowingly execute malicious code that can install information-stealing malware like Luma Stealer. This method capitalizes on human tendencies to trust familiar online interactions, leading to widespread infections without users realizing their mistake.

Intro

2min

The Rise of Fake CAPTCHAs in Cybercrime

6min

Unraveling the Malware Campaign Linked to Ad Networks

4min

Inside Ad Networks: From Publishers to Users

6min

Navigating the Complexities of Ad Network Malpractices

4min

Navigating Malware Challenges in Ad Networks

10min

Exploring Cybersecurity Insights and Upcoming Discussions

2min

Nati Tal, Head of Guardio Labs, discusses their work on "“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising." Guardio has uncovered a large-scale malvertising campaign dubbed “DeceptionAds,” which tricks users into running a malicious PowerShell command under the guise of proving they’re human. This fake CAPTCHA scheme delivers Lumma info-stealer malware while bypassing security measures like Google’s Safe Browsing.

Even after disclosure and takedown efforts, the campaign resurfaced—raising concerns about the effectiveness of existing defenses against ad-driven cyber threats.

The research can be found here:

“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday}

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding Fake Captcha Campaigns

Ad Networks as Vectors for Cyber Threats

Fragmented Accountability in Cybersecurity

The research can be found here:

Remember Everything You Learn from Podcasts