OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection

Summary: A new malware campaign, dubbed OBSCURE#BAT, deploys the open-source rootkit r77 through social engineering, primarily targeting English-speaking users in the US, Canada, Germany, and the UK. The campaign uses obfuscated Windows batch scripts and PowerShell commands to establish persistence while evading detection. Security researchers highlighted its ability to masquerade as legitimate software and its use of misleading lures to trick victims into executing the malicious scripts.

Affected: Users in the United States, Canada, Germany, and the United Kingdom

Key points:

  • OBSCURE#BAT leverages social engineering tactics, including fake software downloads and CAPTCHA scams.
  • The attack starts with a malicious batch script that uses PowerShell to deliver a more complex payload.
  • The malware can modify registry keys, implement persistence techniques, and stay hidden while monitoring clipboard activity.
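
The batch-to-PowerShell-to-registry chain described in the key points above, as an added detection example that is not part of the original article: a small Python scorer run over constructed process and registry events, flagging hosts where a .bat launch, a hidden or encoded PowerShell child of cmd.exe, and a Run-key write by PowerShell are all observed. The event layout, host names, paths and command lines are assumptions constructed for this example, not indicators from the campaign.

```python
# Added example: toy detector for the chain the article describes
# (batch script -> obfuscated PowerShell -> registry persistence).
# All events, hosts, paths and command lines below are constructed;
# they are not real telemetry and not indicators from the article.
import re
from collections import defaultdict

# Constructed events: (kind, host, parent_image, image_or_key, detail)
EVENTS = [
    ("process", "ws1", "explorer.exe", "cmd.exe",
     r"cmd.exe /c C:\Users\u\Downloads\setup.bat"),
    ("process", "ws1", "cmd.exe", "powershell.exe",
     "powershell -w hidden -nop -enc QUFBQQ=="),
    ("registry", "ws1", "powershell.exe",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd", "SET"),
    ("process", "ws2", "explorer.exe", "cmd.exe", "cmd.exe /c dir"),
    ("process", "ws3", "cmd.exe", "powershell.exe",
     r"powershell -File C:\scripts\backup.ps1"),
]

BATCH_RE = re.compile(r"\.bat\b", re.IGNORECASE)
# Flags commonly used to hide or encode a PowerShell command line.
HIDDEN_PS_RE = re.compile(r"-(w(indowstyle)?\s+hidden|enc(odedcommand)?|nop)\b",
                          re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\b", re.IGNORECASE)


def score_hosts(events):
    """Return {host: [stage, ...]} listing which chain stages each host showed."""
    stages = defaultdict(list)
    for kind, host, parent, image, detail in events:
        if kind == "process" and image == "cmd.exe" and BATCH_RE.search(detail):
            stages[host].append("batch_launch")
        elif (kind == "process" and image == "powershell.exe"
              and parent == "cmd.exe" and HIDDEN_PS_RE.search(detail)):
            stages[host].append("obfuscated_powershell_from_batch")
        elif (kind == "registry" and parent == "powershell.exe"
              and RUN_KEY_RE.search(image)):
            stages[host].append("run_key_persistence")
    return dict(stages)


def suspicious_hosts(events, min_stages=2):
    """Hosts on which at least min_stages distinct chain stages were seen."""
    return sorted(h for h, s in score_hosts(events).items()
                  if len(set(s)) >= min_stages)


if __name__ == "__main__":
    print(suspicious_hosts(EVENTS))  # constructed data: ws1 trips all three stages
```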

Source: https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html