New Evasive Campaign Uses Fake CAPTCHAs to Deliver LegionLoader

Summary: Netskope Threat Labs has identified a new malicious campaign that uses fake CAPTCHAs and Cloudflare Turnstile to distribute the LegionLoader malware. The campaign targets victims who search for PDF documents online, luring them into downloading malware through deceptive redirections. The attack primarily targets users in the technology and financial services sectors across North America, Asia, and Southern Europe.

Affected: Netskope customers

Key points:

  • The campaign starts with victims searching for documents and being redirected to malicious websites.
  • Redirected users encounter fake CAPTCHAs that lead them to enable browser notifications and unwittingly download malware.
  • Attackers employ sophisticated techniques, including a VMware-signed application and a malicious browser extension, to evade detection and steal sensitive information.

Source: https://securityonline.info/new-evasive-campaign-uses-fake-captchas-to-deliver-legionloader/