A large-scale cybercriminal campaign called ShadowCaptcha is exploiting compromised WordPress sites to deliver information stealers, ransomware, and cryptocurrency miners using social engineering tactics and obfuscated scripts. The campaign primarily targets websites in multiple countries and employs advanced techniques like DLL side-loading and anti-debugging to maintain stealth. #ShadowCaptcha #EpsilonRed #HelpTDS
Key points
- The ShadowCaptcha campaign exploits over 100 compromised WordPress sites to redirect visitors to malicious pages.
- Attackers use fake CAPTCHA pages combined with social engineering to deliver malware and miner payloads.
- The campaign employs obfuscated JavaScript and anti-debugging techniques to avoid detection.
- Malicious activities include deploying stealers, ransomware, and cryptocurrency miners with dynamic configurations.
- Most affected sites are located in Australia, Brazil, Italy, Canada, Colombia, and Israel, and were often compromised through exploited plugins or credentials.
Read More: https://thehackernews.com/2025/08/shadowcaptcha-exploits-wordpress-sites.html