Hackers Unleash Devious Malware That Steals Crypto Wallet Data Via Fake Captcha: Report

By: CryptoNews
2025/08/19 05:57

A new research brief published by DNSFilter indicates a rising threat to cryptocurrency users from fake CAPTCHA pages, which use deceptive “I’m not a robot” prompts to deliver malware targeting crypto wallets.

According to DNSFilter, the malicious activity was first identified by one of its managed service provider (MSP) customers. What initially appeared to be a routine CAPTCHA verification was, in fact, an attempt to deploy Lumma Stealer, a fileless malware strain capable of exfiltrating browser-stored credentials and wallet information.

While DNSFilter’s content filtering successfully blocked the attack, its researchers traced the infrastructure to reveal broader patterns of coordinated phishing efforts.

Fake CAPTCHA Scam Targets Greek Bank Users, Delivers Lumma Stealer via PowerShell Trick

The incident began when users encountered a CAPTCHA overlay on a Greek banking site. The page mimicked a legitimate CAPTCHA but displayed a message claiming a DNS “network error,” instructing users to press Windows + R, paste a command from the clipboard, and hit Enter.

Following these steps would silently execute the Lumma Stealer payload via PowerShell outside the browser while performing a DNS lookup.

Source: DNSFilter

DNSFilter linked the campaign to two other domains: human-verify-7u.pages.dev, a Cloudflare Pages site that returns an error after the user clicks the button, and recaptcha-manual.shop, which executes commands outside the browser after users follow the prompts.

Further investigation, detailed in DNSFilter’s case study, revealed that the campaign was a sophisticated blend of phishing and malware delivery. Attackers relied on fileless execution techniques, using legitimate browser processes to deliver payloads without writing to disk.
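The Windows + R step described above normally leaves a trace even when the payload itself is fileless: Windows keeps Run dialog history in the per-user `RunMRU` registry key. The following triage sketch is an added example, not code from DNSFilter or from this article; it assumes that history has been exported with `reg query`, and the sample output, placeholder hostname and flagging heuristics are constructed for illustration.

```python
import re

# Constructed sample of `reg query` output for the Run dialog history key.
# The hostname is a placeholder, not an indicator from the DNSFilter report.
SAMPLE_REG_QUERY = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
    a    REG_SZ    notepad\1
    MRUList    REG_SZ    cab
    b    REG_SZ    \\fileserver\share\1
    c    REG_SZ    powershell -WindowStyle Hidden -Command "Resolve-DnsName placeholder.invalid"\1
'''

VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_SZ\s+(.*)$")
# Example heuristics (assumptions of this sketch; tune per environment).
POWERSHELL_RE = re.compile(r'^\s*"?(?:\S*\\)?(?:powershell|pwsh)(?:\.exe)?"?(?:\s|$)', re.I)
TRAITS = {
    "hidden-window": re.compile(r"\s-w\w*\s+hidden", re.I),
    "encoded-command": re.compile(r"\s-e(?:nc\w*|c)?\s+\S", re.I),
    "dns-lookup": re.compile(r"\b(?:Resolve-DnsName|nslookup)\b", re.I),
}


def parse_runmru(text):
    """Return [(value_name, command)] ordered most recent first."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1)] = m.group(2).rstrip()
    order = values.pop("MRUList", "")
    # Each stored command carries a literal "\1" suffix; drop it.
    cmds = {k: v[:-2] if v.endswith("\\1") else v for k, v in values.items()}
    names = [k for k in order if k in cmds]
    names += sorted(k for k in cmds if k not in names)  # entries missing from MRUList
    return [(k, cmds[k]) for k in names]


def triage(text):
    """Flag Run-dialog entries that start PowerShell, with matched traits."""
    findings = []
    for name, cmd in parse_runmru(text):
        if POWERSHELL_RE.match(cmd):
            traits = [t for t, rx in TRAITS.items() if rx.search(cmd)]
            findings.append({"value": name, "command": cmd, "traits": traits})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REG_QUERY):
        print(f["value"], f["traits"], f["command"])
```

A hit here only shows that a command was typed or pasted into the Run dialog; whether it executed successfully has to be confirmed from process and PowerShell logging.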

DNSFilter deployed its content filtering and domain-blocking controls across the MSP’s network, preventing infections before any credentials or wallet data were compromised. Alerts and blocking policies were updated in real time, and the MSP conducted end-user education sessions to reinforce the dangers of interacting with suspicious CAPTCHAs.

“The malware in this event was Lumma Stealer, delivered through a fake CAPTCHA in a deceptive malvertising chain. Had the analyst’s device been infected, the PowerShell payload could have disabled Windows AMSI and loaded Lumma DLL,” the report explains.

“The stealer immediately sweeps the system for anything it can monetize—browser-stored passwords and cookies, saved 2FA tokens, cryptocurrency-wallet data, remote-access credentials, and even password-manager vaults.”

Analysis showed that the fake CAPTCHA was accessed 23 times across the DNSFilter network in just three days. More troubling, 17% of users who encountered the page followed its copy‑and‑paste instructions, triggering the malware payload attempt. While DNSFilter prevented successful infections in this case, researchers noted the potential scale if left unchecked.

Rapid Laundering Leaves Scam Victims Powerless to Recover Stolen Crypto

Reports have revealed that cybercriminals are laundering stolen cryptocurrency at unprecedented speeds. At these rates, victims of fake CAPTCHA schemes are left with virtually no chance of recovering their funds.

According to a previous report, crypto hackers can now transfer stolen digital assets through laundering networks in under three minutes.

Elliptic’s data shows that by using automated laundering tools and decentralized exchanges (DEXs), hackers are executing the entire laundering process in a matter of minutes.

Source: Elliptic

“This new speed makes real-time intervention nearly impossible,” the report warned.

Cybersecurity experts warn that the fake CAPTCHA scams are not just a concern for big firms but also for regular users, as they are often disguised as part of login portals or app installations and target ordinary internet users who may not suspect foul play until their wallets are drained.

“Bad actors take advantage of both the highs and lows of life,” said Ken Carnesi, CEO and co-founder of DNSFilter. “Any person at any organization has the same chance of encountering a malicious link. The standard cyber hygiene tips apply: use unique passwords, verify who you are ‘talking’ to before handing over credentials, and think before you click.”

The rapid laundering process worsens the impact. Victims often discover the theft too late. Law enforcement agencies find it hard to trace the stolen funds across multiple blockchains. Experts note, however, that when cybersecurity firms intervene promptly, all or some of the stolen funds can still be recovered.

“Speed is critical. Funds often can be recovered in whole or part if proper actions are taken within 24 to 72 hours,” Cameron G. Shilling, a cybersecurity expert, said in a publication.

As hackers continue to shorten laundering times, the risks for victims are expected to grow. “The arms race between cybercriminals and defenders is accelerating,” Elliptic concluded. “Speed is now the hackers’ greatest weapon.”
