<ul data-eligibleForWebStory="false"><li>Splunk Inc. warns of a surge in social engineering campaigns using fake CAPTCHA systems to deliver malware without relying on software vulnerabilities.</li><li>These attacks, dubbed 'ClickFix' and 'FakeCAPTCHA,' trick users into self-infecting their systems by exploiting familiarity with verification systems and using clipboard manipulation techniques.</li><li>The attacks lure victims to malicious websites resembling Google's reCAPTCHA or Cloudflare CAPTCHA pages, prompting users to trigger hidden JavaScript that downloads and executes second-stage payloads.</li><li>To combat this threat, Splunk researchers have introduced open-source tools like ClickGrab and PasteEater, along with detection queries to help organizations monitor for FakeCAPTCHA activity.</li></ul>

Splunk uncovers surge in social engineering through fake CAPTCHA attacks

Discover more