🔥 TRENDING
🔥 February Smartphone Launches Heat Up Tech Scene
🔥 Microsoft Data Center Power Outage Disrupts Key Services
🔥 AI Chatbot Misuse Ranks Top Health Tech Hazard for 2026
🔥 Flickr Confirms Data Breach Following Security Flaw at External Partner
🔥 Fake PDF Files Used to Secretly Install Remote Access Tools on Victims’ Systems
🔥 Opus 4.6: Anthropic's AI Workforce for the Rest of Us?
🔥 n8n Workflow Vulnerability Bypassed in Days: How to Secure Your Automation (CVE-2026-25049)
🔥 Amazon's Alexa+ Goes Free for Prime Members: A Battle with ChatGPT?
🔥 Meta and Ubisoft Signal Industry Reset: The End of Growth-at-All-Costs Philosophy
🔥 Bitcoin's Supply Crossroads: Miners, ETFs, and the $98K STH Threshold
🔥 February Smartphone Launches Heat Up Tech Scene
🔥 Microsoft Data Center Power Outage Disrupts Key Services
🔥 AI Chatbot Misuse Ranks Top Health Tech Hazard for 2026
🔥 Flickr Confirms Data Breach Following Security Flaw at External Partner
🔥 Fake PDF Files Used to Secretly Install Remote Access Tools on Victims’ Systems
🔥 Opus 4.6: Anthropic's AI Workforce for the Rest of Us?
🔥 n8n Workflow Vulnerability Bypassed in Days: How to Secure Your Automation (CVE-2026-25049)
🔥 Amazon's Alexa+ Goes Free for Prime Members: A Battle with ChatGPT?
🔥 Meta and Ubisoft Signal Industry Reset: The End of Growth-at-All-Costs Philosophy
🔥 Bitcoin's Supply Crossroads: Miners, ETFs, and the $98K STH Threshold

Hackers Trick Users into Self-Infection with Fake CAPTCHA and Hidden Malware

• 👤 Abbas Kandemir
📂 Technology
A fake CAPTCHA prompt designed to trick users into executing malicious Windows scripts

Hackers are tricking users into self-infection with a fake CAPTCHA that turns Windows own tools into a backdoor for data theft.

Blackpoint Cyber researchers Jack Patrick and Sam Decker identified a Fake CAPTCHA campaign delivering Amatera Stealer via Windows scripts and steganography. The attack uses LOLBin SyncAppvPublishingServer.vbs to bypass antivirus detection while hiding malicious code in PNG images via steganography. These manipulated images are hosted on public sites like Imgur to avoid suspicion.

The attack chain pulls instructions from a Google Calendar (.ics) file to mimic legitimate traffic patterns. Amatera Stealer specifically targets browser data, passwords, and credit card information while masquerading as traffic to microsoft.com/facebook.com.

Researchers noted this technique fails on Windows Home editions due to App-V feature requirements.

Blackpoint Cyber emphasized the threat of 'living off the land' techniques using trusted infrastructure. As Patrick and Decker explained:

This isn’t just a random set of steps. By doing this, the user is unknowingly running a command that starts the infection.
Related Topics:
#Technology #hacker #Microsoft

Read more