Image by DC Studio, from Freepik

Fake Captcha Scam: How Hackers Trick Users into Downloading Malware

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

ClickFix Captcha presents itself as an innocuous verification test, but cybercriminals use this tactic to distribute malware to unsuspecting users.

In a rush? Here are the quick facts:

  • Hackers use ClickFix Captcha to trick users into executing malware commands.
  • QakBot trojan is being delivered through fake captchas and hidden PowerShell scripts.
  • Attackers use XOR decryption to hide malicious code and evade detection.

The malware distribution method has been associated with ransomware delivery and the spread of the QakBot banking trojan and infostealers. The researchers say that, since its initial discovery in 2008, QakBot has evolved into a sophisticated piece of malware.

The security researchers at DarkAtlas Research Squad discovered a new attack that tricked users into thinking they were doing standard captcha work. Users were running commands on their own computers without their knowledge.

The ClickFix Captcha directed users to press Windows Key + R, which automatically triggered a preloaded command stored in their clipboard. The command secretly downloaded an encrypted file from a remote server while executing malicious code without triggering any suspicion.

DarkAtlas also revealed that the malware used XOR decryption to hide its real purpose, making detection particularly difficult. The attackers created fake domains to host ZIP files containing malicious payloads.

Once downloaded, these files extracted and executed harmful scripts designed to steal sensitive information or deploy ransomware. Worryingly, the hackers could generate an unlimited number of unique URLs to distribute their malware, making it nearly impossible for security systems to blacklist them effectively.
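Windows records commands entered in the Run dialog under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, so the chain described above leaves a trace that responders can triage. The sketch below is an added example, not code from DarkAtlas or the article; the sample values, the signal weights and the captcha-wording heuristic are assumptions made for illustration.

```python
import re

# Signals taken from the article: a PowerShell command, run hidden, that
# contacts a remote server. "captcha_wording" is an added assumption.
SIGNALS = {
    "powershell": re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I),
    # -WindowStyle may be abbreviated (-w, -win, ...); value Hidden or 1.
    "hidden_window": re.compile(r"(?<![\w-])-w[a-z]*\s+(?:h\w*|1)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
    "captcha_wording": re.compile(r"captcha|not a robot|verif", re.I),
}

# Constructed sample of RunMRU values (not real telemetry). Windows stores
# each Run-dialog command with a trailing "\1"; MRUList gives recency order.
# Entry "c" is a non-functional placeholder shaped like the lure command.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "cmd\\1",
    "b": "powershell -NoProfile -File C:\\Scripts\\backup.ps1\\1",
    "c": "powershell -w hidden -c \"<fetch https://files.example.invalid/a "
         "and run it>\" # captcha check 4821\\1",
}


def runmru_commands(values):
    """Return Run-dialog commands, most recent first, from RunMRU values."""
    commands = []
    for name in values.get("MRUList", ""):
        raw = values.get(name)
        if raw is None:
            continue  # MRUList can reference a value that was deleted
        commands.append(raw[:-2] if raw.endswith("\\1") else raw)
    return commands


def score(command):
    """Return the names of the signals that fire on one command."""
    return [name for name, rx in SIGNALS.items() if rx.search(command)]


def triage(values, threshold=3):
    """Flag commands on which at least `threshold` signals fire together."""
    hits = []
    for command in runmru_commands(values):
        fired = score(command)
        if len(fired) >= threshold:
            hits.append((command, fired))
    return hits


if __name__ == "__main__":
    for command, fired in triage(SAMPLE_RUNMRU):
        print(f"SUSPICIOUS {fired}: {command}")
```

Requiring several signals at once keeps ordinary entries such as a scheduled backup script from being flagged, while a hidden PowerShell invocation that also carries a URL stands out.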

This attack is in line with the Q3/2024 report from Gen, which shows a dramatic increase in “Scam-Yourself Attacks” that deceive users into installing malware. The attackers use ClickFix scams together with fake CAPTCHA prompts and deceptive tutorials to gain control.

According to the report, AI and deepfake technology have made scams more difficult to detect. Users can stay protected from evolving threats with the help of Norton Genie.

The researchers advise that users should remain vigilant and avoid executing unexpected commands from unknown websites.

Image by Blocks Fletcher, from Unsplash

Apple Upgrades Health App With AI Personalized Coaching

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Apple advances its health technology capabilities through new updates to its Health app, introducing AI-powered health coaching which provides customized health guidance.

In a rush? Here are the quick facts:

  • Apple is launching an AI-powered health coach in its revamped Health app.
  • The AI coach provides personalized wellness recommendations based on user health data.
  • The update includes food tracking and exercise technique analysis via device cameras.

Bloomberg explains that this initiative, known internally as Project Mulberry, will allow the updated Health app to collect data from iPhones, Apple Watches, and third-party health devices.

Users will receive personalized health improvement suggestions from the AI coach which analyzes the collected data. Users with irregular heart rate patterns will receive recommendations and heart health educational material as part of the system’s suggestions.

Bloomberg notes that a new facility located near Oakland, California will provide physicians with a location to create video content for the app. The company wants to identify a prominent medical personality who will host the new service which internal Apple staff have given the tentative name “Health+.”

Additionally, Bloomberg reports that Apple introduced extensive food tracking features to its app. Through its enhanced nutritional tracking system, Apple plans to challenge the dominance of established services such as MyFitnessPal.

Furthermore, Bloomberg said that Apple is planning to use device cameras to analyze users’ exercise techniques to give feedback on how to improve their workouts. This functionality could integrate with Apple’s existing Fitness+ platform, giving users a more interactive and corrective exercise experience.

According to Bloomberg, the Health app updates combined with the AI coach will arrive as part of iOS 19.4 during the spring or summer of the following year.

The new development continues Apple’s work to embed health capabilities within its product range. The Apple Watch added sleep apnea detection in watchOS 11, which recently gained FDA clearance.

Additionally, Apple recently received FDA clearance for its Hearing Aid feature in AirPods Pro 2, which became the first over-the-counter hearing aid software. The feature enhances particular sounds such as speech and environmental noise in real time.

Apple’s AI health features may, however, raise cybersecurity concerns such as data breaches, AI manipulation, third-party vulnerabilities, unauthorized sharing, and biometric data exploitation.

For instance, a 2023 Duke University report revealed that data brokers sold mental health data, including diagnoses like depression, anxiety, and bipolar disorder. Some brokers also included sensitive details such as names and addresses.

As Apple continues to innovate in the health space, these new AI-powered updates may provide users with personalized and interactive health experiences. However, as with any advancement, the company must address potential privacy concerns and ensure that user data remains protected.