Hackers are using fake CAPTCHA pages sent through WhatsApp to trick users into running VBScript malware on Windows systems.
Cybersecurity researchers have uncovered a malware campaign that uses WhatsApp messages and fake CAPTCHA pages to trick users into infecting their own computers.
The attack starts with a message sent through WhatsApp, often containing a file or link that appears harmless. Victims who interact with it are redirected to a fraudulent CAPTCHA page designed to look like a routine security check.
Instead of verifying that a visitor is human, the page guides users through a series of steps that ultimately lead to the execution of a malicious VBScript file on a Windows machine.
Once launched, the script downloads additional malware and begins establishing a foothold on the system. Researchers say the attackers rely on legitimate Windows utilities and trusted cloud services to carry out much of the activity, helping the infection blend in with normal system operations.
The malware can then retrieve additional payloads, communicate with remote servers and maintain access to compromised devices. Because much of the attack uses built-in tools already present on Windows systems, suspicious activity can be harder for users to spot.
Microsoft first observed the campaign earlier this year and noted that the attackers used a mix of social engineering and legitimate infrastructure to avoid detection. Services hosted by major cloud providers were reportedly used during various stages of the infection chain.
Fake CAPTCHA pages have become increasingly popular among cyber-criminals over the past year. Rather than exploiting software vulnerabilities, these attacks target human behavior, convincing victims to perform actions that unknowingly launch malicious code.
Security experts recommend treating unexpected files and links received through messaging platforms with caution, even when they appear routine. Users should be particularly wary of script files such as VBS attachments and avoid following instructions from CAPTCHA pages that request unusual actions outside a web browser.
The campaign serves as another reminder that many successful cyberattacks no longer rely on sophisticated exploits. In this case, a familiar-looking verification screen and a simple WhatsApp message were enough to open the door to a much larger compromise.
Related articles :
- Coruna iOS Exploit Kit Reuses Triangulation Zero-Days
- Interview with Pentester Cyberjagu
- Critical GitHub Enterprise Flaw Exposes Servers
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
