Hackers are increasingly exploiting users’ trust in CAPTCHA prompts by mimicking these verification challenges on infected websites. This deceptive strategy involves displaying fake CAPTCHA images that, when clicked, redirect the user to malicious domains. This method is particularly insidious because it uses a familiar verification tool to lower the user’s guard, making the scam more effective. The initial click on the fake CAPTCHA leads to a series of redirects, ultimately landing the user on a website that could host scams or deploy malware.
Attackers have refined this technique by employing image overlays that appear as legitimate CAPTCHA prompts but contain hidden links to dangerous domains like rapid.tmediacontent.com. The malicious link is not part of the original website’s code, which makes the attack difficult to detect. These overlays can trick users into initiating unwanted downloads or entering sensitive information, thereby compromising their security.
The campaign known as Mal.Metrica has been particularly active in exploiting vulnerabilities in WordPress plugins. By masquerading as legitimate CDN or web analytics services, the malware has managed to infect over 17,449 websites in 2024 alone. Mal.Metrica uses these plugins to inject malicious scripts, leveraging tools like Yandex.Metrica to monitor and optimize its malicious activities. Notably, popular plugins such as tagDiv Composer, Popup Builder, WP Go Maps, and Beautiful Cookie Consent Banner have been targets.
The broader implications of these attacks underscore the importance of maintaining updated and secured web environments. A high-severity vulnerability in the popular WordPress theme “Responsive” exemplifies how attackers can exploit even small openings, in this case by injecting malicious code into the website’s footer. The vulnerability was patched in March 2024, but not before it was exploited by attackers aiming to insert malicious links for potentially fraudulent purposes. As cybercriminals continue to evolve their tactics, the need for vigilance and robust cybersecurity measures becomes increasingly critical.
