Human-Assisted CAPTCHA-Cracking Services Supercharge Shopper Bots

  /     /     /  
Publicated : 23/11/2024   Category : security


Human-Assisted CAPTCHA-Cracking Services Supercharge Shopper Bots


On-demand human solvers are now augmenting automated website cyberattacks, offering a better way around tougher anti-bot puzzles.



The cyber-underground menu of criminal services now includes on-demand, human-assisted CAPTCHA-breaking functionality, researchers are warning — meaning that website admins should look to implement additional anti-bot protections as a result. 
CAPTCHAs are familiar to most Internet users as challenges that are used to confirm that they’re human. The
Turing test
-adjacent puzzles usually involve typing in a word presented visually as blurred or distorted text, for instance, or clicking all photos in a grid that contain a certain object. The idea is to weed out
bots on e-commerce and online account sites
.
However, there has been a bit of a space race when it comes to CAPTCHA efficacy; tougher puzzles like those that present twisty letters or numbers to interpret can now be defeated by machine learning, for instance. That has sparked the rise of more advanced CAPTCHA challenges, such as rotating an askew object to be in its correct position, according to a
recent Trend Micro analysis
. However, cybercrooks now have options to get around these too.
Online service operators face a slew of different challenges when automated Web traffic defeats CAPTCHAs not by using bots, but by using human CAPTCHA solvers, explained researchers at Trend Micro. Several services that are primarily geared toward this market demand have been created.
To use a CAPTCHA-solving service, bot operators can create automated attack scripts that automatically capture the CAPTCHA when presented, sending it in real time via an integrated API call to the service provider, according to Trend Micro. The CAPTCHA-breaking service taps a human solver to work out the solution, and sends the answer back to the automated script a few seconds later to be input into the answer field on the targeted website.
The researchers noted that such services are seeing uptake; for instance, a recent real-world attack was observed on the Poshmark social commerce marketplace for buying and selling used fashion, home, and electronics items.
Our observations show that there are numerous CAPTCHA-solving task requests to a known CAPTCHA-breaking service that are targeting CAPTCHAs from Poshmarks website, according to Trend Micro. From the data weve gathered, these CAPTCHA-solving requests originated from a known Poshmark bot.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Human-Assisted CAPTCHA-Cracking Services Supercharge Shopper Bots