Attackers exploit the “Are You Human” checks to deceive targets

Malicious actors have utilised the “Are You Human” checks to execute their cybercriminal activities against their targets. This newly discovered method shows how cybercriminals have constantly searched for new attack strategies that could allow them to take advantage and earn profit.

Based on reports, the primary objective of the new campaign is to bait unsuspecting targets into granting the attackers unwarranted permissions. This strategy could enable the attackers to bombard the victims with unsolicited messages and alerts.

 

The abuse of the “Are You Human” checks could result in a global trend that numerous threat actors could adopt.

 

A security researcher used the Google Dork technique to uncover more than 2,500 websites that adopt the “Are You Human” tactic. Researchers claimed this recent attack strategy could spread a widespread trend among malicious groups.

Moreover, a sizable subset of these malicious websites has employed the protection of the antibot[.]cloud. Initially, users may encounter the antibot system’s authentic “Are You Human” verification protocol, which illuminates a standard process.

However, the website will introduce a fake “Are You Human” check after a target passes the initial test. This tactic could aim to deceive and prompt users into allowing the page with undesired permissions.

Granting permissions to such websites could pave the way for unwanted notifications, quickly escalating from a minor frustration to a significant disruption to a target’s browsing activities.

Furthermore, these websites could exploit the allowed permissions to deploy a backdoor into a target’s browser. They could also acquire capabilities that could abuse trust through illicit access. Hence, the tactic could also breed other malicious campaigns, such as phishing attacks, additional malware payloads, and delivering spam messages.

Experts warn everyone that clicking accept could endanger their devices and information. These new tactics imply that cybercriminals are constantly upgrading their attack capabilities. Therefore, users should use reliable security software solutions, regularly update browsers, and exercise caution while browsing could mitigate the effectiveness of these campaigns.

Users should remain informed about recent trends and adopt preventive measures to protect online privacy and security.