Real People Perform CAPTCHA Solving Services for Hackers

CAPTCHA solving services

Trend Micro analysts talked about several services that offer CAPTCHA solving services for cybercriminals. According to the researchers, often these services do not use advanced character recognition and machine learning methods, instead CAPTCHAs are simply solved by real people.

Let me remind you that we also wrote that CAPTCHA in Discord Asks Users to Find Non-Existent Objects Created by AI, and also that GPT-4 Tricked a Person into Solving a CAPTCHA for Them by Pretending to Be Visually Impaired.

CAPTCHA solving services
Advertisement for one of the services

While cybercriminals are interested in flawless CAPTCHA cracking, several services have emerged that are primarily focused on meeting this market demand. These CAPTCHA solving services do not use optical character recognition or advanced machine learning technologies. Instead, they crack CAPTCHAs by giving tasks to solve them to real people.according to a Trend Micro report.

Such services work by delegating customer requests to their CAPTCHA solvers and then sending the results back to users. This is implemented through an API to send a CAPTCHA and a second API to get the results.

This makes it easier for customers of CAPTCHA cracking services to develop automated tools to [attack] various web services. Since CAPTCHAs are solved by real people, screening out automated bot traffic with such checks becomes ineffective.experts write.

In addition, it has been observed that attackers buy CAPTCHA cracking services and combine them with various proxyware to hide the original IP address and bypass anti-bot filters. For example, in one case, a CAPTCHA cracking service was targeted at the popular marketplace Poshmark, and requests for tasks coming from the bot were sent through a proxyware network.

CAPTCHA solving services
Resources CAPTCHA solving services most often attack

CAPTCHAs is a common spam and bot filtering tool, but the growing number of CAPTCHA cracking services is making CAPTCHAs less effective. While web services can block malicious IP addresses, the rise in proxy usage makes this method as useless as CAPTCHA.experts conclude.

As a result, Trend Micro recommends that administrators complement CAPTCHA and IP blocking with other protections against attacks and abuse.

By the way, the media write: CAPTCHA is Becoming Obsolete. What Will Take Its Place?

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *