Phishing Attack Using Captchas…! How They Can Land You in Trouble
Beware…! Clicking captchas can lead you to a phishing attack. Yes, you read it right. A routine task we perform to prove we’re not a bot has now become a cyber weapon to trap you.
Cybercriminals have found a new way to attack GitHub users: they ask them to solve a captcha that leads them to run a script copied to the command prompt, and within minutes the system is compromised.
The Phishing Attack Mechanism: How They Use Captcha to Lure You
This malicious campaign is run by a group called Jade Sleet, allegedly working for North Korean objectives.
They use GitHub to carry out their nefarious intentions through the following procedure:
- You will first get an email that appears to be from the GitHub security team, reporting a security vulnerability in your repository, with a link to fix the issue.
- GitHub has been providing free security scans for quite some time, but to utilize it, you visit their official site, not some random scanner link.
- This link will open a GitHub scanner, which will show something that seems to be a Captcha to ensure that you are a ‘human’.
- However, here is the twist: clicking on “I’m not a robot” will lead you to a challenge screen that is completely different from a usual captcha screen.
- It will ask you to perform a task, and if you do, a script will be downloaded and executed without any prior notice.
How To Save Yourself? Follow These Protective Measures
- Verify Invitations: Always verify repository collaboration invitations from unknown sources or persons.
- Examine Dependencies: Recheck npm packages and installation scripts for any dubious dependencies.
- Enhance Security Protocols: Improve security protocols by making two-factor authentication and changing passwords mandatory.
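One way to carry out the "Examine Dependencies" step, as an added example that is not part of the original article: a small check that flags install-time scripts and dependencies pulled from outside the npm registry. The function name `auditManifest`, the matching patterns and the sample manifest are assumptions constructed for illustration.

```javascript
// Added example: review a parsed package.json for install-time scripts and
// dependencies that bypass the npm registry. All heuristics are assumptions.

// Lifecycle scripts npm can run automatically as part of `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Assumed heuristic: commands that fetch or launch further code.
const RISKY_COMMAND = /\b(curl|wget|powershell|pwsh|bash|sh|node\s+-e|eval)\b|https?:\/\//i;

// Specs that bypass the registry: git/http URLs, local paths, GitHub shorthand.
const NON_REGISTRY_SPEC = /^(git(\+\w+)?:|https?:|file:|github:|[\w.-]+\/[\w.-]+(#.*)?$)/i;
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

function auditManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] !== "string") continue;
    findings.push({
      kind: "install-script",
      name: hook,
      value: scripts[hook],
      severity: RISKY_COMMAND.test(scripts[hook]) ? "high" : "review",
    });
  }
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (typeof spec === "string" && NON_REGISTRY_SPEC.test(spec.trim())) {
        findings.push({ kind: "non-registry-dependency", name, value: spec, severity: "review" });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from any real package).
const sampleManifest = {
  name: "example-app",
  scripts: { test: "jest", postinstall: "node -e \"require('./setup')\"", prepare: "husky install" },
  dependencies: { express: "^4.18.2", "color-utils": "github:example-user/color-utils#main" },
  devDependencies: { jest: "^29.7.0", "build-helper": "https://example.invalid/build-helper.tgz" },
};

// Returns the findings for the constructed sample above.
function auditSample() {
  return auditManifest(sampleManifest);
}
```

To check a real project, pass the parsed contents of its package.json (and of each package under node_modules) to `auditManifest`. Installing with `npm install --ignore-scripts` keeps these hooks from running while you review them.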
In Conclusion: Phishing Is Dangerous, Think Before You Click Any Captcha
Phishing using captcha is one of the emerging cybersecurity threats on the internet. However, if you know how these hackers operate, you can take preventive actions and decrease the chances of becoming a victim.
Remember, your alertness is your best defense…!