Browser attacks without downloads.

Today we are joined by ⁠Nati Tal⁠, Head of ⁠Guardio Labs⁠, discussing their work “CAPTCHAgeddon” or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon — Shaked Chen’s deep dive into the ClickFix fake-captcha wave — reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pasting clipboard PowerShell/shell commands and leverages trusted infrastructure, including Google Scripts. Guardio’s DBSCAN-based payload clustering exposes distinct attacker toolkits and distribution paths — from malvertising and compromised WordPress to social posts and Git repos — and argues defenders need behavioral, intelligence-driven protections, not just signatures.

The research can be found here:

• ⁠“CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat