www.infosecurity-magazine.com
Open in
urlscan Pro
13.32.99.111
Public Scan
URL:
https://www.infosecurity-magazine.com/news/fake-captcha-campaign-risks/
Submission: On December 16 via api from TR — Scanned from IL
Submission: On December 16 via api from TR — Scanned from IL
Form analysis 2 forms found in the DOM
GET https://www.infosecurity-magazine.com/search/
<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
<input type="search" name="q" class="form-control" placeholder="Search site…" aria-label="Search keywords" required="required">
<button type="submit" class="form-button with-icon">
<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" role="img" aria-label="Search">
<path d="M15 15L21 21M10 17C6.13401 17 3 13.866 3 10C3 6.13401 6.13401 3 10 3C13.866 3 17 6.13401 17 10C17 13.866 13.866 17 10 17Z" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
</svg>
</button>
</form>GET https://www.infosecurity-magazine.com/search/
<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
<input type="search" name="q" class="form-control" placeholder="Search Infosecurity Magazine…" aria-label="Search keywords" required="required">
<input type="submit" value="Search" class="form-button">
</form>Text Content
* Log In
* Sign Up
*
* News
* Magazine Features
* Opinions
* News Features
* Interviews
* Editorial
* Blogs
* Reviews
* Slackspace
* Next-Gen Infosec
* Webinars
* White Papers
* Podcasts
* Industry Events & Training
* Magazine Events
* Online Summits
* Company Directory
* Application Security
* Automation
* Big Data
* Business Continuity
* Cloud Security
* Compliance
* Cybercrime
* Data Protection
* Digital Forensics
* Encryption
* Human Factor
* Identity Access Management
* Industry Announcements
* Internet Security
* Malware
* Managed Services
* Mobile Security
* Network Security
* Payment Security
* Physical and Information Security Convergence
* Privacy
* Risk Management
* The Internet of Things
* Log In
* Sign Up
*
* News
* Topics
* Features
* Webinars
* White Papers
* Podcasts
* EventsEvents & Conferences
* Directory
* *
Infosecurity Magazine Home » News » Fake Captcha Campaign Highlights Risks of
Malvertising Networks
FAKE CAPTCHA CAMPAIGN HIGHLIGHTS RISKS OF MALVERTISING NETWORKS
News 16 Dec 2024
WRITTEN BY
ALESSANDRO MASCELLINO
Freelance Journalist
* Email Alessandro
* Follow @a_mascellino
*
*
*
A new large-scale campaign distributing Lumma infostealer malware through fake
captcha pages has been observed using malvertising to exploit weaknesses in the
digital advertising ecosystem. The attacks exposed thousands of victims to
credential theft and financial losses.
Uncovered by Guardio Labs and Infoblox researchers, the campaign relies on
Monetag, a subsidiary of PropellerAds, to propagate malicious fake captcha
pages. Users encounter these deceptive pages while browsing legitimate-looking
websites, where they are prompted to verify their identity by completing a
captcha.
However, the process executes a PowerShell command, installing malware that
targets sensitive data such as social media credentials, banking information and
personal files.
Key findings from the investigation include:
* Extensive reach: Over 1 million ad impressions daily, with traffic funneled
through more than 3000 websites
* Malware delivery mechanism: Redirect chains and obfuscated scripts distribute
fake captcha pages via ad networks
* Sophisticated cloaking: Attackers used services like BeMob for ad tracking to
obscure malicious intent from moderators
THE ROLE OF AD NETWORKS
Guardio Labs highlighted how the infrastructure of ad networks enables such
campaigns. Monetag’s ad scripts deploy traffic distribution systems (TDS) to
analyze visitors and optimize ad placement. These systems, designed for
legitimate advertising, are exploited to deliver malicious content on a massive
scale.
Malvertising campaigns like this thrive due to fragmented accountability. Ad
networks, tracking services, publishers and hosting providers each play roles
but often avoid responsibility. Attackers further exploit these gaps by swapping
benign creatives for malicious ones after approval.
Read more about malvertising: NCSC Publishes Tips to Tackle Malvertising Threat
“This fake captcha campaign is just one example that exposes the darker side of
the internet’s advertising ecosystem,” Guardio Labs warned. “While advertising
is a cornerstone of the modern internet, the same ecosystem now faces a
significant conflict of interest – creating a security gap that leaves users
vulnerable.”
Following the disclosure, Monetag and BeMob took action, banning over 200
accounts linked to the campaign. However, researchers emphasize the need for
proactive measures, such as continuous content moderation and stricter account
validation, to prevent abuse.
YOU MAY ALSO LIKE
1. MALVERTISING AND CRYPTOWALL MARK THE APPEARANCE OF THE RIG EXPLOIT KIT
News6 Jun 2014
2. MALICIOUS ADS HIDE INFOSTEALER IN LEAGUE OF LEGENDS ‘DOWNLOAD’
News26 Sep 2024
3. SAVVY SEAHORSE TARGETS INVESTMENT PLATFORMS WITH DNS SCAMS
News29 Feb 2024
4. MALVIRT LOADERS EXPLOIT .NET VIRTUALIZATION TO DELIVER MALVERTISING ATTACKS
News3 Feb 2023
5. SITTING DUCKS DNS ATTACKS PUT GLOBAL DOMAINS AT RISK
News14 Nov 2024
WHAT’S HOT ON INFOSECURITY MAGAZINE?
* Read
* Shared
* Watched
* Editor's Choice
TOP 10 CYBER-ATTACKS OF 2024
News Feature2 Dec 2024
1
MICROSOFT AZURE MFA FLAW ALLOWED EASY ACCESS BYPASS
News11 Dec 2024
2
FIN7 GANG HIDES MALWARE IN AI “DEEPNUDE” SITES
News3 Oct 2024
3
HACKERS LEAK SEXUALLY EXPLICIT PHOTOS, MESSAGES OF WWE STAR PAIGE
News6 Nov 2017
4
AKIRA AND RANSOMHUB SURGE AS RANSOMWARE CLAIMS REACH ALL-TIME HIGH
News13 Dec 2024
5
LOOKOUT DISCOVERS NEW SPYWARE DEPLOYED BY RUSSIA AND CHINA
News12 Dec 2024
6
REMCOS RAT MALWARE EVOLVES WITH NEW TECHNIQUES
News12 Dec 2024
1
SNOWFLAKE PLEDGES TO MAKE MFA MANDATORY
News11 Dec 2024
2
MICROSOFT AZURE MFA FLAW ALLOWED EASY ACCESS BYPASS
News11 Dec 2024
3
MAJOR DROP IN CYBER-ATTACK REPORTS FROM LARGE UK FINANCIAL BUSINESSES
News10 Dec 2024
4
VODKA GIANT STOLI FILES FOR BANKRUPTCY AFTER RANSOMWARE ATTACK
News4 Dec 2024
5
DELOITTE DENIES BREACH, CLAIMS CYBER-ATTACK TARGETED SINGLE CLIENT
News6 Dec 2024
6
ALERT FATIGUE: WHAT ARE YOU AND YOUR SECURITY TEAMS MISSING?
Webinar5 Dec 2024
1
DISPELLING THE MYTHS OF DEFENSE-GRADE CYBERSECURITY
Webinar4 Dec 2024
2
HOW TO OPTIMIZE THIRD-PARTY RISK MANAGEMENT PROGRAMS THROUGH NIST CSF 2.0
Webinar16 May 2024
3
HOW TO UNLOCK FRICTIONLESS SECURITY WITH DEVICE IDENTITY & MFA
Webinar11 Apr 2024
4
HOW TO MANAGE YOUR RISKS AND PROTECT YOUR FINANCIAL DATA
Webinar30 Oct 2024
5
HOW TO PROACTIVELY REMEDIATE RISING WEB APPLICATION THREATS
Webinar30 May 2024
6
GATWICK AIRPORT'S CYBERSECURITY CHIEF ON SUPPLY CHAIN RISKS AND CROWDSTRIKE
OUTAGE
Interview21 Nov 2024
1
YOU'RE HIRED! THE TRUTH ABOUT CERTIFICATIONS IN CYBERSECURITY CAREERS
News Feature2 Dec 2024
2
T-MOBILE CLAIMS SALT TYPHOON DID NOT ACCESS CUSTOMER DATA
News28 Nov 2024
3
DARKNET SERVICES FUEL HOLIDAY SCAMS AND E-COMMERCE EXPLOITS
News26 Nov 2024
4
TOP 10 CYBER-ATTACKS OF 2024
News Feature2 Dec 2024
5
GOOGLE DEINDEXES CHINESE PROPAGANDA NETWORK
News25 Nov 2024
6
THE MAGAZINE
* About Infosecurity
* Meet the team
* Contact us
ADVERTISERS
* Media pack
CONTRIBUTORS
* Forward features
* Op-ed
* Next-gen submission
*
*
*
* Copyright © 2024 Reed Exhibitions Ltd.
* Terms and Conditions
* Privacy Policy
* Intellectual property statement
* Cookies Settings
* Cookie Policy
* Sitemap
We use cookies to analyse and improve our service, to improve and personalise
content, advertising and your digital experience. We also share information
about your use of our site with our social media, advertising and analytics
partners. Cookie Policy
Accept All Cookies
Cookies Settings
COOKIE PREFERENCE CENTRE
We process your information, to deliver content or advertisements and measure
the delivery of such content or advertisements, extract insights, and generate
reports to understand service usage; and/or accessing or storing information on
devices for that purpose.
You can choose not to allow some types of cookies. However, blocking some types
of cookies may impact your experience of the site and the services we are able
to offer. Click on the different category headings to find out more, to change
our default settings, and/or view the list of Google Ad-Tech Vendors.
Cookie Policy
MANAGE CONSENT PREFERENCES
STRICTLY NECESSARY COOKIES
Always Active
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.
Cookies Details
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site.
Cookies Details
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
Cookies Details
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. If you do not allow these cookies, you will
experience less targeted advertising.
Cookies Details
Confirm My Choices
Back Button
Back
PERFORMANCE COOKIES
Vendor Search Search Icon Filter Icon
Clear Filters
Information storage and access
Apply
Consent Leg.Interest
All Consent Allowed
Select All Vendors
Select All Vendors
All Consent Allowed
Confirm My Choices