Wednesday, May 14, 2025

Hackers Hiding Malware behind Captcha to Bypass Secure Email Gateways


Hackers are using Captcha pages to hide the presence of malware and to evade secure email gateways. The Captcha challenge signals that a human, rather than an automated scanner, is following the link, so the malicious page behind it evades detection.

Attackers use various social engineering methods to trick users into believing the email comes from a legitimate source; here the emails are sent from a compromised account at @avis.ne.jp.

Hidden Malicious Page Behind Captcha

Cofense identified a new email campaign that alerts recipients that they have received a new voicemail message. The email includes a preview of the voicemail to tempt users into listening to the full message.

Email body (image credit: Cofense)

The email contains a play button with an embedded hyperlink pointing to a page that contains a Captcha; this step bypasses automated analysis tools and secure email gateways.

Once the user clicks the link, they are directed to the Captcha page; once the Captcha check is completed, the user is taken to the main phishing page, which is hosted on Microsoft infrastructure.

The phishing page asks the user to select a Microsoft account to log in; when the victim logs in, their credentials are captured.

Phishing page (image credit: Cofense)

“Both pages are legitimate Microsoft top-level domains, so when checking these against domain reputation databases we receive a false negative and the pages come back as safe,” reads the Cofense report.

The attack method is nothing new; the important part is the Captcha page, which makes the attack more successful by evading the security controls in place.

Email header analysis always helps in preventing such malicious threats; email is a critical business asset and needs to be secured.

Before clicking on a link, check that the website is safe; there are various methods to check whether a website is safe or not.
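The two recommendations above, header analysis and checking a link before it is clicked, can be combined into a small triage script. The example below is added here and is not code from Cofense or from this article: it parses a constructed voicemail-lure message, checks whether the Return-Path and DMARC result align with the From domain, extracts the links a user would be asked to click, and flags any link whose host sits on a shared hosting platform, where a domain reputation lookup says nothing about the page content (the exact point the Cofense quote makes). The hosting suffix list, the sample headers and the sample URL are assumptions constructed for this example; the article only states that the pages sat on legitimate Microsoft domains.

```python
"""Triage helper for a voicemail-lure phishing email.

Added example, not the article's or Cofense's code.  It checks header
alignment and authentication results, then lists the embedded links and
flags those where domain reputation would give a false negative.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Hosting suffixes where anyone can publish content, so the domain being
# "legitimate" says nothing about the page.  Assumed list for this example.
SHARED_HOSTING_SUFFIXES = (
    ".blob.core.windows.net",
    ".web.core.windows.net",
    ".azurewebsites.net",
)

# Words typical of the voicemail lure described in the article.
LURE_WORDS = ("voicemail", "voice message", "play")

# Constructed sample message modelled on the campaign: the From address is
# the compromised @avis.ne.jp account named in the article; every other
# header value and the URL are invented placeholders, not real indicators.
SAMPLE_EML = b"""\
From: "Voicemail Service" <compromised-user@avis.ne.jp>
Return-Path: <bounce@relay.example.net>
To: victim@example.com
Subject: New voicemail message (0:42)
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=relay.example.net; dkim=none; dmarc=fail header.from=avis.ne.jp
Content-Type: text/html; charset=utf-8

<html><body>
<p>You have a new voicemail. Preview: Hi, this is regarding your account...</p>
<a href="https://example-storage.blob.core.windows.net/voicemail/play.html">Play</a>
</body></html>
"""


def _domain(addr) -> str:
    """Lower-cased domain part of an RFC 5322 address, or '' if absent."""
    _, address = parseaddr(str(addr or ""))
    return address.rpartition("@")[2].lower()


def _auth_result(header: str, method: str) -> str:
    """Extract pass/fail/none for spf, dkim or dmarc from Authentication-Results."""
    match = re.search(rf"\b{method}=([a-z]+)", header or "", re.IGNORECASE)
    return match.group(1).lower() if match else "missing"


def extract_links(html: str) -> list:
    """Return every href target in an HTML body, in document order."""
    return re.findall(r'href=["\']([^"\']+)["\']', html, re.IGNORECASE)


def analyze_message(raw: bytes) -> dict:
    """Parse a raw message and return auth results, links and triage findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = _domain(msg["From"])
    return_path_domain = _domain(msg["Return-Path"])
    reply_to_domain = _domain(msg["Reply-To"])
    auth_header = str(msg["Authentication-Results"] or "")
    auth = {m: _auth_result(auth_header, m) for m in ("spf", "dkim", "dmarc")}

    findings = []
    # Alignment: the envelope sender and Reply-To should match the visible From.
    if return_path_domain and return_path_domain != from_domain:
        findings.append("return-path domain differs from From domain")
    if reply_to_domain and reply_to_domain != from_domain:
        findings.append("reply-to domain differs from From domain")
    if auth["dmarc"] != "pass":
        findings.append(f"dmarc={auth['dmarc']} for {from_domain}")

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    links = extract_links(body)
    if links and any(word in body.lower() for word in LURE_WORDS):
        findings.append("voicemail-style lure with embedded link")
    for url in links:
        host = (urlparse(url).hostname or "").lower()
        if host.endswith(SHARED_HOSTING_SUFFIXES):
            findings.append(
                f"link to shared hosting ({host}); domain reputation is not meaningful"
            )
        elif host and host != from_domain and not host.endswith("." + from_domain):
            findings.append(f"link host {host} unrelated to sender domain")

    return {"from_domain": from_domain, "auth": auth, "links": links, "findings": findings}


if __name__ == "__main__":
    report = analyze_message(SAMPLE_EML)
    print("From domain:", report["from_domain"])
    print("Authentication:", report["auth"])
    for finding in report["findings"]:
        print("-", finding)
```

The findings are meant for a mailbox or SOC triage queue rather than for automatic blocking: a DMARC failure or a mismatched Return-Path on a mail from a compromised account is a strong signal, while a link to a shared hosting platform is only a cue that reputation lookups cannot be trusted and the page needs to be inspected in a sandbox that can get past the Captcha.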


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
