Jakarta, Indonesia Sentinel — In an increasingly digital era, cyber threats continue to evolve with increasingly sophisticated techniques. Recently, researchers from Kaspersky have discovered a new wave of cyberattacks targeting Windows PC users through malicious ads or web advertisements.
These attacks exploit fake Captcha prompts and phony Chrome error messages to deceive users into downloading dangerous malware known as “stealer.”
According to Kaspersky’s telemetry data, over 140,000 incidents related to these malicious ads were recorded in September and October 2024. Of these, more than 20,000 users were redirected to fake pages containing harmful scripts.
The primary targets of these attacks are computer users in Brazil, Spain, Italy, and Russia. Kaspersky experts advise users to remain vigilant and avoid following suspicious instructions that appear while browsing the internet.
Typically, Captcha is used as a security feature to ensure that the user is a human and not an automated bot. However, attackers are now leveraging fake Captchas to distribute Lumma stealer, which previously targeted gamers.
When users visit gaming websites, they are often directed to fake Captcha pages. When they click the “I’m not a robot” button, the malicious script is copied to their clipboard, and users are prompted to paste it into a terminal, ultimately leading to the download and execution of Lumma.
This malware is designed to steal sensitive information such as cryptocurrency assets, cookies, and password manager data.
FBI Warning! Avoid Public Charging Stations to Prevent “Juice Jacking” Attacks
Summary of Key Points:
- Kaspersky identifies a new cyber threat targeting Windows users via malicious ads.
- Fake Captcha prompts trick users into downloading dangerous Lumma malware.
- Over 140,000 incidents reported in two months, primarily affecting users in Brazil, Spain, Italy, and Russia.
- Users are urged to be cautious and avoid suspicious online prompts.
- Lumma malware is designed to capture sensitive data, including cryptocurrency and passwords.
As cyber threats become more prevalent, maintaining cybersecurity awareness is crucial for protecting sensitive information online.
(Becky)