How Hackers Used Google Tool To Evade Detection 128,000 Times


Webcams Hacking way too easy
The use of cloning is something that cybercriminals have long exploited with often remarkably good results. Just recently, there have been reports of cloned Microsoft Teams login pages being used to harvest video chat passwords, and fake but realistic U.S. stimulus payment communications, for example. But it's not just the intended victim that hackers want to fool, it's also the cybersecurity tools that can catch them red-handed playing their game of thieves. Researchers from security vendor Barracuda have recently noticed one threat campaign doing just this, not with a clone but by employing a legitimate Google tool in the most illegitimate way.

How Cybercrime is employing Google as an unwitting accomplice

It is not unusual, it has to be said, for cybercriminals to make use of fake or cloned captcha walls to add some validity to the credential-stealing site behind them. It's a tactic designed to fool the victim into thinking it must be the real service login page if it's employing such security measures to keep the hacking bots out. It is just one way that attackers have continued to step up to the challenge of fooling an increasingly, if slowly so, cyber-aware public. Another, and the one that those researchers at Barracuda have found evidence of, is the use of real captcha walls, specifically the Google-owned reCaptcha tool.

Although designed primarily to prevent automated content-scraper bots from being able to access sites, reCaptcha can also be used maliciously by cybercriminals, the Barracuda researchers say. We are all so used to having to pick which squares contain an image of a bus, traffic light or pedestrian crossing that reCaptcha has become a norm of accessing online services. Step one of the hacker intent achieved: it imparts that feeling of site validity the attackers want.

However, it seems the reason that those who would steal your credentials have turned to using the real reCaptcha rather than a mocked-up clone is that it makes it as difficult for automated link analysis systems to access the content as it does for content-scraping bots. Step two also achieved: a better chance of not being detected in the act.

128,000 real deals against just one fake

It would appear that the tactic is becoming more popular with the credential-stealing gangs employing email phishing campaigns to start things off. The use of a genuine reCaptcha API, the Barracuda researchers said, "is undoubtedly more effective in deterring automated scanners because a fake reCaptcha box could easily be programmatically bypassed by simply submitting the form." Indeed, across the sample that was analyzed by the researchers, only one used a fake reCaptcha input box, while 128,000 used the genuine article.

Multiple email credential phishing campaigns have been spotted using this tactic, the researchers said, with counterfeit Microsoft login screens being a favorite target it seems. The email has an HTML attachment that redirects the recipient to the reCaptcha screen, and once that "are you a human" hurdle is cleared, they are presented with a cloned login page.
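
For defenders, the delivery chain described above (HTML attachment, redirect, reCaptcha gate) can be triaged at two points. The following is an added example, not code from Barracuda or this article: it extracts redirect targets from HTML attachments and treats a reCaptcha-gated landing page as "not inspected" rather than clean. The sample message, the `example.test` hosts and the verdict names are constructed assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
# Constructed sample: a message whose HTML attachment only redirects the reader.
SAMPLE_EML = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="message.html"

<html><head><meta http-equiv="refresh" content="0; url=https://landing.example.test/v"></head>
<body><script>window.location.href = "https://landing.example.test/v";</script></body></html>
--b1--
"""
# Constructed landing page, as an automated link scanner would receive it.
SAMPLE_LANDING = ('<script src="https://www.google.com/recaptcha/api.js"></script>'
                  '<div class="g-recaptcha" data-sitekey="PLACEHOLDER"></div>')
JS_REDIRECT = re.compile(r'location(?:\.href)?\s*=\s*["\']([^"\']+)', re.I)

class RedirectFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(\S+)", a.get("content") or "", re.I)
            if m:
                self.targets.append(m.group(1).strip("'\""))
    def handle_data(self, data):  # script bodies arrive here as plain data
        self.targets += JS_REDIRECT.findall(data)

def attachment_redirects(raw_eml):
    """Map each HTML attachment's filename to the redirect targets it contains."""
    found = {}
    for part in message_from_string(raw_eml).walk():
        if part.get_content_type() == "text/html" and part.get_filename():
            finder = RedirectFinder()
            finder.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            found[part.get_filename()] = sorted(set(finder.targets))
    return found

def landing_verdict(html):
    """Hypothetical verdict names: a CAPTCHA gate means 'not inspected', not 'clean'."""
    if re.search(r'type\s*=\s*["\']?password', html, re.I):
        return "credential-form"
    gated = re.search(r"google\.com/recaptcha/|g-recaptcha", html, re.I)
    return "gated-unscanned" if gated else "no-finding"
```

A `gated-unscanned` result on a page reached from an attachment redirect is a reason to escalate for manual or sandboxed review, since the scanner never saw what sits behind the gate.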
