Sunday, May 4, 2025
HomeComputer SecurityHackers Hiding Malware behind Captcha to Bypass Secure Email Gateways

Hackers Hiding Malware behind Captcha to Bypass Secure Email Gateways

Published on

SIEM as a Service

Follow Us on Google News

Hackers using Captcha to hide the presence of malware and to evade email security gateways. By using this technique attackers show that email is sent human and evades detection.

Attackers use various social engineering methods to trick the users to believe the emails is from a legitimate source, here the email’s are from a compromised account at @avis.ne.jp.

Hidden Malicious Page Behind Captcha

Cofense identified a new email campaign that alerts recipients that they received a new voicemail message. The voice was with a preview that tempts users to listen to the full message.

- Advertisement - Google News
Email Body credits: Cofense

The email contains a play button which has an embedded hyperlink pointing to the page that contains captcha, this step is to bypass the automated analysis tools and to bypass secure email gateways.

Once the user click’s on the link they get directed to the captcha page, once the captcha check completed users taken to the main phishing page that hosted on MSFT infrastructure.

The phishing page asks the user to select a Microsoft account to log in when the victim login all their credentials are captured.

Phishing page Image credits: Cofense

“Both pages are legitimate Microsoft top-level domains, so when checking these against domain reputation databases we receive a false negative and the pages come back as safe,” reads Cofense report.

The attack method is nothing new, the important part is the Captcha page which makes the attack more successful by evading the security controls placed.

Email Header Analysis always helps you in preventing such malicious threat, emails are the critical business asset and they need to be secured.

Before clicking on a link, investigate that the website is safe, there are various methods to the check is this website safe or not.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range...

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...

MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...

MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool...

Threat Actors Target Critical National Infrastructure with New Malware and Tools

A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated,...