https://www.virustotal.com/gui/file/178d8523fa6e5560f59e75acb4d76e4a99d91c7bbf232e02c8763d7f62712d0c
https://x.com/aruhamm/status/1834284068227481682
https://x.com/g0njxa/status/1825940825400029483
https://www.orangecyberdefense.com/global/blog/cert-news/emmenhtal-a-little-known-loader-distributing-commodity-infostealers-worldwide
https://x.com/Unit42_Intel/status/1829178013423992948
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-28-IOCs-for-Lumman-Stealer-from-fake-human-captcha-copy-paste-script.txt
https://denwp.com/anatomy-of-a-lumma-stealer/
https://github.com/JohnHammond/recaptcha-phish
43 Comments
This mostly seems pretty pointless. Anyone who doesn't at least have the basics of tech is probably not going to want to do "whatever that means" as far as they're concerned and anyone who is online even a moderate amount in general is probably too tired of seeing these things to bother.
You don't need any amount of tech savvy to be tired of seeing captchas at which point you just close the page.
In an ironic twist of security events, the vast majority of people who might see these, are probably going to be protected by, essentially, simple laziness, lol.
I got a John Hammond ad in this video haha
glad there is a barrier between for it to work… if it were the exact same looking captcha AND only need to click, that would be a nightmare! also, I got your DevSecCon 2024 ad on your video around the 9 minutes mark lol, not sure if you pay yourself and have 0 gains or a net loss… still was funny seeing your ad playing over your ad!
hi
Sir, can you give us a roadmap for beginner to advanced and also the courses that contain things, because I am also new and faced difficulties about the roadmap
clear case of – hey, use this on your Mac to make it faster – "rm -rf" 🤣🤣🤣
@ about 15:40 – I like to use windows 11.
click off
Why does shell support base64 on the command line? hell… why does Microsoft still hide file extensions by default? ohhh I see they implemented bash piping in Windows and it's enabled by default … The security team at Microsoft is doing wonders.
that JS code looks like something that I'd write. Plain SIMPLE!!!
I could see bypassing Sandboxie. Would this type of social engineering attack bypass Qubes security? Let's say it had a Linux payload.
They'd do better to automatically fail the captcha and provide instructions for alternate verification along with a phone number since anyone who calls is likely to fall for call center scams.
so cool
This happened to me, it asked me to paste some code, I just closed the page.
I just met this today… one of our users ran that code… luckily the file instantly got erased by AV.
A lot of the functionality of document.execCommand seems to be related to WYSIWYG HTML editors so my guess is it is from around that time when Netscape/Mozilla etc were trying to provide those types of tools. Using these APIs you can pretty easily make a basic WYSIWYG HTML editor with a browser extension.
It just so happens the cut/copy commands can also be used in a non-editor context.
Unfortunately even the simplest and dumbest trick works for most of the average users, and that's why they keep appearing. Under circumstances, even the most careful may fall for it.
Thank you for this video of analyzing the situation (and to everyone else of course who did the research and spread awareness about it).
Any child offered vbucks, roblox, etc, playing on their parents/family computer would absolutely fall for this
Why is a web-based script even allowed to push to your clipboard?
This happened to me a few days ago. I would probably have laughed if you told me I would fall for this cheap of a trick, but even still I fell for it and did it while tired. My main concern now is should I wipe my whole C drive, or can I trust antiviruses to detect and delete it. What should I do?
If the malware runs automatically when you click the captcha, then it will be a serious problem, BUT if it runs AFTER you copy some nonsense code to your runtime, then, what kind of person would do that?
this is so dumb, I can't imagine anyone would fall for this bs, it's so obviously fake on so many levels
if anyone would actually fall for this, low-key kind of deserve to be hacked tbh
Oh God, as soon as I saw the "Verification Steps"… Like others are saying in the comments, most of us know immediately something fishy is going on, but my mom, dad, grandmother etc would all just follow those steps blindly, not knowing what Win+R does or opens, not knowing they're about to paste something that's been set on their clipboard,… It's so scummy from these bad actors, they know exactly that most people have no clue what all of this means. It's so sad, and I feel sorry for every victim. They're paying the price just for not being familiar enough with these things.
It's better for people to know even the more simple methods so they don't get overlooked.
His hair is like a delicious croissant
Watching a John Hammond and then i get an ad from John Hammond. Now that's marketing at work
Generall you are getting the BAG 🏦🏦🏦😤🙏♥️
The one John made, I feel, would trick so many people… Much more than the attacker's version shown before that.
clipboard history should be a web permission denied by default.
This code was written by AI, that's why it's directly using document.body, and those deprecated things.
John, thanks for this. I am doing a write up so to speak on captchas. Mainly because many people who are just users do not know the dangers. Besides the dangers, with AI, these are useless and verification is so much more complicated than I at first assumed. Heck as we speak those working on countering this and find better ways are still finding ways that are better than what they roll-out almost daily, doing a great job for sure but for this I have not quite seen as much research being done. Any rate long story short, much appreciated.
These longer videos for me are ok due to somewhat interesting topics you cover but that's just me ^^
I posted about the potential for this on Reddit years ago, and no joke was met with so much toxic/know-it-all replies that I deleted the post. "I told you so" is never a response I want to give in relation to malware.
That PowerShell was blocked by EDR in my office. I don't expect that the cyber attack happens in many places
Is this sellout clown snaking videos from cyber maddie now. Like that showoff at a skatepark, snaking tricks. And a sellout.
If it works it's not dumb.
MY EYES!
I will click 10 times or verify 10 times because the CAPTCHA loops infinitely, then I will block the website from my search engine results. And for me recently some websites will jump to a separate page that just has a CAPTCHA in the page, so if it happens I will not be able to tell if that is a fake site or not because the website is shown in the search results.
If it's silly and it works it's actually very clever.
How 99% of users have no idea what win + R does.
And shockingly many have not even any idea of ctrl + V …
I at least hope they know that Enter exists.
Oh the irony of hitting Enter being the action that allows the malware to enter your PC.
I got an ad while watching this. You were in the ad.
Dumber is more effective. I sniff convenience winning over.
Fun fact: The user click on the captcha is required for some browser features like going to fullscreen or using clipboard. When it's done in the "constructor" it just throws an error.