Student Engagement Platform iClicker Compromised by Malware-Carrying Captcha

By Netvora Tech News

---

A popular student engagement platform, iClicker, has fallen victim to a malware-carrying captcha attack. The platform, used by over 7 million students and 5,000 instructors, was compromised between April 12th and 16th, allowing attackers to inject malicious code.

How the Attack Unfolded

According to the University of Michigan, the attackers managed to compromise the website and insert malicious code, which presented users with a seemingly legitimate captcha. However, instead of verifying user identities, the code instructed users to execute a PowerShell script, which installed malware on their systems, giving attackers full control.

Consequences and Advice

Students who interacted with the compromised captcha are advised to change their passwords immediately on any device they used to access the platform. For university systems, it is recommended to shut down the system and report the incident. For personal devices, a virus scan or seeking technical support from the university is advised.

iClicker's Response

iClicker has released a security bulletin warning users of the compromised captcha and advising the use of security software. Despite the breach, the platform's exact vulnerabilities remain unknown.

Impact and Context

iClicker is a widely used platform for supporting students during lessons, allowing for quizzes, surveys, and test organization. Its 'study tools' feature helps students prepare for classes. The platform's widespread adoption, including partnerships with various American universities, makes this breach a significant concern.

• Over 7 million students and 5,000 instructors use iClicker
• Attackers compromised the platform between April 12th and 16th
• Malware installed on affected devices gave attackers full control
• iClicker has released a security bulletin and advises using security software