Watch Out for Fake CAPTCHAs

There’s a particular hazard appearing on the internet right now that you need to know about. Please read this post and be ready, because this is an extreme hazard to you and your computer. Read on for how to watch out for fake CAPTCHAs:

Real vs. Fake CAPTCHAs

We deal with CAPTCHA messages all the time. Most of them are harmless. They pop up as you try to sign in on a website, you get to solve a puzzle or click all of the squares that contain a donkey, and then you are let past. They are just there to keep the bots at bay.

But a fake CAPTCHA has been developed. It looks very much like a legitimate CAPTCHA, but after you check its box, it asks you to press a few keys on your keyboard (to “further prove you are a human”). It sounds reasonable, but if you cooperate with those keypresses, then you allow some very scary malware onto your computer.

This is happening right now, on a popular website used by people in the Shenandoah Valley. I really don’t want anyone to be taken by this, so check out these screenshots to safely learn more and know what to watch for. Please note: the URL shown in the images below is normally a safe and great website. But that site has been hacked and compromised and is currently not safe to visit.

A Live Example

When I heard that a valley website was possibly infected, of course, I whipped out my phone and went there immediately. (Don’t do this yourself.) And when I went to their URL, nothing happened. Because I was on a mobile device. This particular exploit (at least for this instance) only pops up on PCs.

When I went to the infected website on a Windows computer, I saw the real page for a split second and then it switched to this:

[Screenshot] Looks like a normal CAPTCHA, right?

Again, please do not visit the URL shown above! It is dangerous!

But, I did tick the box and next saw:

[Screenshot] If you ever see this, DO NOT PRESS THOSE BUTTONS!

I had to stop here. I knew this exploit, from previous reports. This is an amazing trick that could install anything on my computer, silently and in a heartbeat.

I did grab the string of text that this thing wanted me to inject into my computer’s veins:

[Screenshot] This text was in my PC, ready to paste! Websites can push text to your clipboard, if you use a Chromium-based browser.

I can start to break down what all that code means. That “powershell -win 1 -ep bypass” means “run the following code with full permissions and no restrictions”. The gobbledy-gook that follows? I ran that through a decoder tool, to reveal a shortened URL. If I follow that URL, it changes to an IP address in the Netherlands. From the articles I’ve linked to above, I can fairly well guess that this script would install an “infostealer” on my computer, from some server in North Holland.
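The traits described above (a PowerShell call, the "-win 1" and "-ep bypass" switches, and an encoded blob hiding a URL) can be checked in a pasted string without running any of it. The following is an added example, not code from this post: the function names are hypothetical, it assumes the blob is base64, and the sample command and the short.example URL are constructed.

```python
import base64
import re

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL = re.compile(r"https?://[^\s'\"]+")
PS_NAMES = ("powershell", "powershell.exe", "pwsh", "pwsh.exe")

def _switch(token, full, alias=None):
    """PowerShell accepts any prefix of a parameter name (-win for -WindowStyle)."""
    name = token.lower().lstrip("-/")
    return token[0] in "-/" and bool(name) and (full.startswith(name) or name == alias)

def decode_blob(blob):
    """Return readable text hidden in a base64 token, or None. Nothing is executed."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:                      # not valid base64
        return None
    for enc in ("utf-16-le", "utf-8"):      # -EncodedCommand payloads are UTF-16LE
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if text.isascii() and text.isprintable():
            return text
    return None

def triage(command):
    """Flag the traits the post describes in a pasted command string."""
    tokens = command.split()
    exe = tokens[0].rsplit("\\", 1)[-1].lower() if tokens else ""
    found = {"powershell": exe in PS_NAMES, "hidden_window": False,
             "policy_bypass": False, "decoded": [], "urls": []}
    for tok, nxt in zip(tokens, tokens[1:]):
        # -win 1 is -WindowStyle Hidden; -ep bypass is -ExecutionPolicy Bypass
        if _switch(tok, "windowstyle") and nxt.lower() in ("1", "hidden"):
            found["hidden_window"] = True
        if _switch(tok, "executionpolicy", alias="ep") and nxt.lower() == "bypass":
            found["policy_bypass"] = True
    for blob in B64_TOKEN.findall(command):
        text = decode_blob(blob)
        if text:
            found["decoded"].append(text)
            found["urls"] += URL.findall(text)
    return found

# Constructed sample: the post's flags plus a base64 blob (assumed encoding) of a placeholder URL.
SAMPLE = "powershell -win 1 -ep bypass " + base64.b64encode(
    "https://short.example/abc123".encode("utf-16-le")).decode()
```

Calling triage(SAMPLE) reports a hidden window, an execution-policy bypass and the decoded placeholder URL, which is the same information the decoder tool gave, obtained without pasting the string anywhere it could run.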

An infostealer is a malware program. It runs silently on a system and steals your passwords, account info, keystrokes and probably much more. It “lives” on a system, and repeats the data theft for as long as it stays running. In case I haven’t made it abundantly clear, this is extremely scary stuff!

What You Can Do

The most important thing for you to do is just be educated by all of this. Know that a safe CAPTCHA is only going to ask you to click on a puzzle. Normal CAPTCHAs will not ask you to type anything complex or press special key combinations. If you ever see anything like the second graphic above, close the website to get away, ASAP.

Next (and optional) is to report the problem. But to whom do you report it? The website owner, or whoever is in charge of the website. They may not know their site has been infected! And they need to know, so that they can act quickly, before site visitors are brought to harm. The webmaster or host will have to take the website down, repair and disinfect it, and then bring it back online.

If you cannot determine the owner of a website, you could instead report the website to Google and Microsoft. I’ve done this already, because I have yet to reach anyone in charge of the website. I doubt that Big Tech will respond to me, but they may track down that IP address in the code and put it out of commission.

And lastly, if you’ve fallen victim to this kind of dangerous website, if you followed the keystrokes and allowed an unknown thing onto your computer: Disconnect your computer from the internet, turn off the computer and seek professional tech-help.

6 thoughts on “Watch Out for Fake CAPTCHAs”

  1. We appreciate your work to keep us safe. Please keep up the security advice. It’s getting much more difficult to protect our info.
