Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday}

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 15 February 2025

⏱️ 33 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Nati Tal, Head of Guardio Labs, discusses their work on "“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising." Guardio has uncovered a large-scale malvertising campaign dubbed “DeceptionAds,” which tricks users into running a malicious PowerShell command under the guise of proving they’re human. This fake CAPTCHA scheme delivers Lumma info-stealer malware while bypassing security measures like Google’s Safe Browsing. Even after disclosure and takedown efforts, the campaign resurfaced—raising concerns about the effectiveness of existing defenses against ad-driven cyber threats. The research can be found here: “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:09.7	Hey, everybody, Dave here. Have you ever wondered where your personal information is lurking online?
0:19.1	Like many of you, I was concerned about my data being sold
0:22.8	by data brokers. So I decided to try, delete me. I have to say, delete me is a game changer.
0:29.9	Within days of signing up, they started removing my personal information from hundreds of data brokers.
0:36.3	I finally have peace of mind knowing my data privacy
0:39.4	is protected. Delete Me's team does all the work for you with detailed reports so you know exactly
0:45.7	what's been done. Take control of your data and keep your private life private by signing up for
0:51.5	Delete Me. Now at a special discount for our listeners. Today, get 20%
0:56.6	off your DeleteMe plan when you go to join deleteme.com slash N2K and use promo code N2K at checkout.
1:05.7	The only way to get 20% off is to go to join deleteme.com slash N2k and enter code n2k at checkout. That's join
1:14.5	deleteme.com slash n2k code n2k.
1:18.2	Hello everyone and welcome to the CyberWires Research Saturday.
1:34.1	I'm Dave Bittner, and this is our weekly conversation with researchers and analysts
1:38.8	tracking down the threats and vulnerabilities,
1:41.6	solving some of the hard problems and protecting ourselves in a rapidly
1:45.5	evolving cyberspace. Thanks for joining us.
1:52.6	How did they manage to go to such a large scale in such a short time.
2:01.6	That's Natital, head of Guardio Labs.
2:04.6	The research we're discussing today is titled Deception Ads,
2:08.6	fake captcha driving infoster infestiler infections,
2:11.6	and a glimpse to the dark side of internet advertising. Because something else is going on and we want to understand what,
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.