Malicious Captchas to Malicious Copy Code Buttons

Malicious Captchas

Russian APT 28, aka Fancy Bear, was recently discovered to be deploying an unusual phishing scheme against local Ukrainian government workers. The technique involved copying malware to the user’s clipboard when they interacted with a malicious captcha. Specifically, when a user clicked the checkbox to prove they are human, the malware was copied to their clipboard. The user then had to open a terminal, paste the payload into it, and execute it. From the outside the method appears rather clumsy, and it would likely fail most of the time. On second thought, though, this scheme could have far more dangerous and effective implementations.

Malicious Copy Code Buttons

Take, for instance, tech blogs that include terminal commands. Users are used to copying and pasting these directly into their terminals, and I would guess they often hit Enter without taking a second glance. Using the same technique as the captcha phishing scheme, when a user clicks the “Copy Code” button, often found in the upper-right corner of code blocks in tech blogs, the malicious payload would be copied to the user’s clipboard instead of the legitimate, harmless code the user thought they were copying. When the user pastes the command into the terminal and hits Enter, the hacker takes control; from here it is the same story of system compromise.

In the End

In the end, developers just need to be responsible: watch the code they paste into their terminals and be sure to understand exactly what it does. If you are unsure, you can run it through GPT (although that has its own risks).
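One way to check a copy button before trusting it, as an added example that is not part of the original post: compare the code shown on the page with the text that actually reached the clipboard. The function names and sample strings are constructed for illustration.

```javascript
// Added example; auditClipboard and the sample strings are hypothetical/constructed.
// In a browser, `displayed` would be the code block's textContent and `copied`
// the text read back after clicking the button (e.g. navigator.clipboard.readText()).

// Collapse whitespace differences that do not change what the shell would run.
function normalize(text) {
  return text.replace(/\r\n/g, "\n").replace(/[ \t]+/g, " ").trim();
}

function auditClipboard(displayed, copied) {
  const findings = [];
  if (normalize(displayed) !== normalize(copied)) {
    findings.push("mismatch: clipboard text differs from the code shown on the page");
  }
  // A trailing newline makes a terminal without bracketed paste run the line immediately.
  if (/[\r\n]\s*$/.test(copied)) {
    findings.push("trailing-newline: paste may execute without pressing Enter");
  }
  // Control characters and zero-width/bidi characters can hide or reorder text.
  if (/[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f\u200b-\u200f\u202a-\u202e\u2066-\u2069]/.test(copied)) {
    findings.push("hidden-chars: control or invisible characters in clipboard text");
  }
  // More lines in the clipboard than on screen means extra commands came along.
  const extra = normalize(copied).split("\n").length - normalize(displayed).split("\n").length;
  if (extra > 0) {
    findings.push(`extra-lines: ${extra} more line(s) than displayed`);
  }
  return { safe: findings.length === 0, findings };
}

// Constructed samples: harmless placeholders standing in for a swapped payload.
const SHOWN = "sudo apt install nginx";
const SAMPLES = {
  honest: "sudo apt install nginx",
  autoRun: "sudo apt install nginx\n",
  swapped: "echo constructed-placeholder\nsudo apt install nginx\n",
  invisible: "sudo apt install\u200b nginx",
};

for (const [name, copied] of Object.entries(SAMPLES)) {
  console.log(name, auditClipboard(SHOWN, copied));
}
```

Pasting into a plain text editor first gives the same comparison by eye, but it will not reveal zero-width characters.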

That’s a wrap! I hope you enjoyed it! As always let me know your thoughts! 

Walter Miely is a tech entrepreneur and CEO of Phoenix Ignited Tech. You can find him on LinkedIn. This material is licensed under the CC BY 4.0 License. LEGAL DISCLAIMER: The content provided here is provided AS IS, and part of, or the entirety of this content may be incorrect. Please read the entire Legal Disclaimer here.