Kaspersky has detected a new wave of cyber attacks targeting users through malicious online advertisements. These attacks trick users into downloading malware by redirecting them to fake CAPTCHA pages. The company emphasizes the extensive distribution network of these attacks, urging users to remain vigilant.
The latest campaign targets Windows PC users, where victims unknowingly click on full-screen ads that lead them to counterfeit CAPTCHA pages or fake Chrome error messages asking them to download malware.
This year, Kaspersky reported that cybercriminals had been utilizing fake CAPTCHAs as part of a scheme called 'Lumma thief,' which particularly targets gamers. Users are misled into clicking on ads while browsing gaming sites, subsequently being directed to a page that instructs them to download malware.
Once users click the 'I am not a robot' button, a hidden command is copied to their clipboard, leading to the installation of the Lumma malware. This malware searches for cryptocurrency files, cookies, and password manager data on the victim's device while also boosting view counts on various e-commerce platforms, generating additional financial gains for the attackers.
Another scenario identified involves a web page designed to resemble a Chrome error message, where users are instructed to copy a 'fix' into their terminal window. Kaspersky notes that this new wave of attacks has been distributed through file-sharing services, internet applications, betting portals, adult content sites, anime communities, and other channels.
Attackers have also employed the 'Amadey Trojan' in their operations, capable of stealing credentials from popular browsers and cryptocurrency wallets. They can capture screenshots, obtain credentials for remote access services, and install remote access tools for full control of devices.
Kaspersky telemetry revealed over 140,000 instances of these malicious ads in September and October alone, with more than 20,000 users redirected to fake pages hosting malicious scripts. This attack has reached users across various regions, including Latin America, Africa, the Middle East, and Asia.
Kaspersky Security Expert Vasily Kolesnikov remarked that attackers have purchased ad space, directing users to malicious sources upon clicking. He highlighted that this new attack wave features a significantly expanded distribution network and new scenarios to reach more victims. Both corporate and individual users should critically assess suspicious redirects before following them.
To combat theft-related threats, Kaspersky recommends that businesses check if their device or application credentials have been compromised using Kaspersky Digital Footprint Intelligence. They should also employ dedicated security solutions like Kaspersky Endpoint Security for Business, which aids in the rapid detection of malicious activities through behavioral analysis. Additionally, businesses should provide comprehensive cybersecurity training for their staff to mitigate human-related risks and enhance digital literacy. Individuals are advised to use security solutions like Kaspersky Premium to prevent access to suspicious pages or phishing emails and to securely store passwords using Kaspersky Password Manager.