EA Forums Online Security Newsletter - Volume 2

Hey all got some new news for you out of Germany. I translated the news article into English and there might be some minor mistakes but I am sure you all will get the meaning: 

Checkbox as Bait You're not a robot? Malware could be lurking behind captchas. Everyone is familiar with checkboxes or image challenges to prove that you're a human and not a machine. This gives so-called captchas a certain level of trust. Cybercriminals exploit this mercilessly.

Anyone who currently encounters "I am not a robot" captchas when opening websites should be especially cautious after clicking the green confirmation checkbox. If access to the site is granted as normal after checking the box, everything is fine.

However, if another banner appears after the checkbox prompt with instructions to execute keyboard shortcuts, you've landed on a highly dangerous, manipulated website that intends to inject malware onto your computer. The Federal Office for Information Security (BSI) is currently warning against this again. In this case, abort immediately and close your browser.

If captchas require key combinations, something is wrong.

The attack method first appeared at the end of 2024 and was documented by the Swiss Federal Office for Cyber ​​Security (BACS): The fact that the initial attempt was already a fake captcha becomes clear when a second banner appears, demanding the execution of various key combinations for alleged further verification.

The perfidious attack explained in detail:

1. By checking the "I am not a robot" captcha box, a malicious command has already been copied to the clipboard. And here's what the cybercriminals want unsuspecting users to do next:
2.  In the second banner, they are then prompted to open a Windows input field using a keyboard shortcut.
3. Using another keyboard shortcut, they are then supposed to paste the dangerous command from the clipboard into the input field and then execute it.
4. Malware is then downloaded and installed from an attacker's server, which has devastating capabilities, such as: Collecting information, for example from the operating system, web browsers, or messengers; Stealing sensitive access or payment information, such as passwords or credit card details; Attacking crypto wallets or authentication processes, such as those for online banking; Executing any other commands; Injecting any other malware.

Since many malware programs make profound changes to the system that cannot be easily reversed, victims should restart their entire computer as a precaution after an actual infection with the malware from the CAPTCHA attack, advises the BACS.

After an infection, victims must take action. This means in detail:

Reinstall the operating system completely and, if possible, restore their data from backups on external storage devices. If there is no or no up-to-date data backup on external storage devices, which no user should be without, their data must of course be backed up before reinstalling the computer. Additionally, as a precaution, all online account passwords should be changed, especially those for email accounts.

Hey, danisoff thanks for sharing your thoughts about passwords. Exactly! There are two concepts for keeping your account passwords safe. While good password hygiene without password managers is possible, it might not be a solution for everyone. At the end of the day, this is a personal preference. Maybe a mix between your approach and using a password manager could be a good solution. Or maybe spread your passwords among a few password manager providers?  Possibilities are endless ;) 

Regarding your article about phishing. Is that this one? :)

Well said! Always happy to hear from you EA_Kuba. Yes, using multiple password managers is definitely better than relying on just one. That would be a much safer compromise.

Also, thank you for finding the original post! Is it archived somewhere or is it just an old screenshot? Nonetheless, I really appreciate you taking the time to track it down. 🙂

Really great comments by blog members this month (Feb) - I'm still catching up.

I was very impressed and glad I read the post by, ASMODEUS566, re captcha.

I read just a short summary about this a week or two ago on Techspot forums, but what you posted was far superiour and gave detail.

Thank you for sharing that!!

GawgPorkChop 

We all try to do what we can to help others here on the forum be safe in gaming and of course in real life as well.

I really appreciate the shout out. 

Good stuff. Quick story. Until 2016 I used one password for several sites. I stopped that and use long complex ones, never duplicated since then.

Here is the fun bit. I check my "dark web profile," on some google service a couple of months back.

Guess what? My re-used password is still listed. It's harmless as I have changed all, or closed accounts with it over 7 years ago, but it's still there. Kind of funny, but quite a shock at first.

There is no harm in me typing the password that I used as I would never use any thing without letters, Capitals, numbers, and characters (% & $ etc) now and haven't done so since back then.

My really old password was Morrowind. Oh the innocence! Oh the stupidity. I was playing that game back in 2012 or so and used it as my normal password for everything. Kind of embarrassed, but I totally, suddently grasped how silly I had been almost a decade ago, so I am sharing.

BTW: Nothing was ever compromised. Luck probably. Also doing that now in 2025 without 2fa and bank accounts would be emptied. CC bill would include a Porshe 911, I identidy would be gone!!

Should have added, of course I deleted, and haven't used the account (an old hotmail one) since 2016.

Pretty amazed Google picked it up. Not that it will do anyone any good, - I mean bad!

GawgPorkChop Fortunately, you've made the necessary changes to stay safe!  

We should always take online security seriously...and we must remember that the internet never forgets 🙃