c3dd499c 3673 41c4 b617 e82cc9084cb3 169 Mitra IT | Your Trusted & Reliable Software Solutions

There’s a Thief Behind the ‘I’m Not a Robot’ Content, Beware of Crypto Losses

Jakarta, CNBC Indonesia –Cybercrime is increasingly evolving. New, increasingly sophisticated techniques are emerging to steal internet users’ data, even bank account details.

Recently, researchers from Kaspersky discovered a cyberattack targeting Windows PC users through malicious web ads. The method involves exploiting ads that cover the web screen, then injecting malware.

When clicked, the ads redirect to fake Captcha pages and fake Chrome error messages to trick users into downloading a dangerous malware known as a stealer.

“The criminals purchase several ad slots, and if users see these ads and click on them, they are redirected to a malicious website. This new method involves a significantly expanded distribution network and the introduction of new attack scenarios that reach more victims,” said Vasily Kolesnikov, Security Expert at Kaspersky, as quoted in a written statement on its official website, Sunday (July 12, 2025).

“Now, users can be tricked by fake Captcha prompts or Chrome webpage error messages, thus becoming victims of cyber theft. Both corporate and individual users should exercise caution and think critically before following any suspicious prompts they see online,” he added.

For your information, Captcha is a security feature used on websites and applications to verify whether a user is a human or an automated program or bot.

However, attackers are now exploiting fake Captchas to distribute the Lumma stealer, which previously targeted gamers.

When users visit a gaming website, they are redirected to a fake Captcha page.

When they click the “I’m not a robot” button, a malicious script is copied to their clipboard and prompted to paste it into their terminal, which ultimately downloads and launches a Lumma-like trojan.

This malware is designed to steal sensitive information such as crypto assets, cookies, and password manager data.

It can also take screenshots, obtain credentials for remote access services, and control the victim’s device by downloading remote access tools.

Kaspersky telemetry recorded more than 140,000 incidents related to these malicious ads between September and October 2024. Of these, more than 20,000 users were redirected to fake pages containing malicious scripts.

The most victims were users from Brazil, Spain, Italy, and Russia.

To stay safe, experts advise users to be cautious and avoid following suspicious commands in their browsers, especially when clicking on ads on websites.

SOURCE : CNBC INDONESIA