Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Hackers use Trick CAPTCHA on Webflow CDN PDFs to bypass the safety scanner
Global Security

Hackers use Trick CAPTCHA on Webflow CDN PDFs to bypass the safety scanner

AdminBy AdminFebruary 13, 2025No Comments3 Mins Read
CAPTCHA Trick on Webflow
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


February 13, 2025Red LakshmananSecurity on the Internet / Security Cloud

Trick CAPTCHA on Webflow

Was marked with extensive phishing Web The content shipping network (CDN) with the aim of stealing credit card information and financial fraud.

“The attacker aims at the victims seeking documents on the search engines, leading to access to the malicious PDF, which contains the image of CAPTCHA, is built with a phishing link that makes them provide tangible information,” – a researcher at the threat of Netskope Jan Michael Alcantara – Note.

Cybersecurity

Activities, which continued since the second half of 2024, entails users looking for book titles, documents and graphics in search engines such as Google to redirect users to PDF files located on the Webflow CDN.

These PDF files are supplied by a built -in image that mimics CAPTCHA’s challenge, causing users to push for a phishing page that this time accepts the true Cloudflare Turnstile Captcha.

Doing this, the attackers seek to borrow the process of legitimacy, deceiving the victims, thinking that they interacted with the security check, simultaneously evading the detection of static scanners.

Users who complete the valid CAPTCHA Challenge are subsequently redirected to the page that includes the “download” button to access the intended document. However, when the victims are trying to complete the step, they are submitted by a pop -up message to introduce their personal and credit card data.

Trick CAPTCHA on Webflow

“After entering the credit card details, the attacker will send an error message to show that it was not accepted,” said Michael Alcantar. “If the victim provides data on his credit card two more times, they will be redirected to the http 500 error page.

Development happens as Slashnext described the new phishing Banking malicious software the name of the same name), which is advertised in the Telegram and Cybercrime markets for $ 2000 in exchange for six months of updates and bypass equipment.

Cybersecurity

As a phishing-how’s service (Phase) Suggestions, it allows Cyber ​​Arooks to be able to collect credentials and two-factor authentication codes (2FA) through fake entry pages that mimic popular online services.

“Astaroth uses Evil-Felisky reverse proxy for interception and manipulation of traffic between victims and legal authentication services such as Gmail, Yahoo and Microsoft, “security researcher Daniel Keli – Note. “Speaking as a medium person, he records credentials, tokens and a real -time session, effectively bypassing 2FA.”

Found this article interesting? Keep track of us further Youter  and LinkedIn To read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025

CISCO’s critical vulnerability in uniform grants on root access to static credentials

July 3, 2025

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025

CISCO’s critical vulnerability in uniform grants on root access to static credentials

July 3, 2025

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025

US Sanctions of Russia

July 2, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.