More threat actors have been using fake CAPTCHA checks to lure targets into copying and pasting certain commands that result in the eventual download of malware, which could facilitate more severe compromise, SC Media reports.
Attacks leveraging such a technique were also dependent on cloud hosting providers, a report from HP Wolf Security showed.
"Hosting on legitimate cloud hosting services helps attackers circumvent detection because the IP addresses and domains are often reputable, enabling threat actors to bypass network security like web proxies that rely on web reputation," said researchers.
Organizations' network administrators have been urged to bolster their defenses against social engineering attacks involving bogus CAPTCHA prompts by restricting or disabling clipboard sharing in end-user accounts.
This development comes after organizations in the hospitality industry were reported by Microsoft to have been subjected to a ClickFix attack campaign that deceived targets into performing self-infection with information-stealing payloads.
