A recent malware campaign is using CAPTCHA prompts to steal sensitive data from unsuspecting victims. The attackers trick users into accepting a fake CAPTCHA challenge that looks like a legitimate request, but instead of verifying their humanity, it copies a text string to the Windows clipboard and downloads a malicious file.
The attack relies on the ease with which people follow instructions without thinking twice. Cybercriminals target people who are less knowledgeable and more easily tricked. Even sophisticated users in a rush or on autopilot can fall prey to the trap.
To protect yourself from this campaign, follow these tips:
* Never follow instructions given on a website without thinking it through first.
* Use a security program and browser extension that block malicious websites and scripts.
* Disable JavaScript in your browser if you’re visiting random or unknown websites. This will thwart the attack, but may prevent you from using many regular sites.
To disable JavaScript in Google Chrome:
* Go to Settings > Privacy and security > Site settings
* Click the setting for JavaScript and change it to “Disable JavaScript for all sites”
* Add specific sites that are allowed to use JavaScript
To disable JavaScript in Microsoft Edge:
* Go to Settings > Cookies and Site Permissions
* Turn off the switch for Allowed
* Add individual sites for which you want JavaScript to work
To disable JavaScript in Firefox:
* Install a third-party add-on or use the configuration editor
* Type about:config in the address field and accept the risk
* Double-click “javascript.enabled” to change its value from true to false
Source: https://www.zdnet.com/article/that-weird-captcha-could-be-a-malware-trap-heres-how-to-protect-yourself