Danger! Fake Captchas endanger your data - this is how you protect yourself!
Danger! Fake Captchas endanger your data - this is how you protect yourself!
The Federal Office of Information Technology (BSI) raises the alarm: Cybercriminal benefits fake captchas to lure unsuspecting users into the trap. These fake security queries, which disguise themselves as legitimate captcha technology, call on users to enter harmful key combinations. These combinations can trigger potentially harmful commands and thus endanger the safety of the devices, warns the BSI. Ruhr24 reports .
It is particularly dangerous if, after the first click on "I am not a robot", an additional banner appears with further instructions. Real captchas never require users to press certain buttons on their keyboard. Therefore, internet users should exercise increased caution.
protective measures and recommendations for action
The BSI gives some recommendations to protect yourself from such fraudulent captcha. In particular, the use of ad blockers is recommended to avoid malicious code in advertising banners. In addition, it is advisable not to use administrator rights when surfing to make the installation of malware difficult. Users should also remain suspicious if they are asked to use unusual interactions with their device.
If there is a suspicion that the device was infected by a fake captcha, affected people should consider the following steps:
-
Replate
- operating system.
- Restore data from external backup data carriers.
- Secure important data if there is no current data backup.
- Passwords of online contacts, especially email accounts, change.
Regular backups are crucial to be prepared in an emergency and to avoid data losses.
The risk of popular content
The danger is reinforced by the fact that hackers have developed a method to take advantage of recaptchas in order to capture the clipping of the users and install malware. The attackers often attract users to defective pages that offer popular content such as films or music. Users are then confronted with a captcha query whose legitimacy they often do not question. Tom’s Guide informed .
Clicking on the corresponding checkbox usually leads to further confirmation steps in which commands such as Windows key + R, Ctrl + V and Enter have to be entered. In fact, these commands can lead to the installation of malware, since the damaged side copies a command into the clipboard. Malwarebytes has identified this technology and, among other things, mentions the Lumma Stealer and SectoPrat as examples of the malware spread using this method.
In order to protect themselves from such attacks, users should be particularly careful if they are asked to solve captchas on lesser known websites. A combination of antivirus software and browser extensions for blocking damaged pages can offer additional security. In addition, deactivating JavaScript could prevent access to the clipboard, but this can affect the functionality of many websites.
After all, it is of crucial importance to always remain informed about the latest fraud stitches and to follow the basic principles of cyber security in order to act safely on the Internet.
| Details | |
|---|---|
| Ort | Deutschland |
| Quellen | |
Kommentare (0)