VulnHub

Real-time Cybersecurity News

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

The Hacker News
Actively Exploited

Overview

Researchers have uncovered a telecommunications fraud scheme that tricks users with fake CAPTCHA prompts. This scam encourages unsuspecting individuals to send international text messages, which then result in hefty charges on their mobile bills. The perpetrators of this scheme profit by leasing the phone numbers used in these fraudulent messages. According to a report from Infoblox, this operation is part of a larger trend involving multiple campaigns, including 120 distinct Keitaro campaigns, which are primarily aimed at generating revenue through SMS and cryptocurrency fraud. This incident serves as a reminder for users to be cautious when interacting with unfamiliar verification processes and to monitor their mobile usage closely.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Mobile users, telecom services
  • Action Required: Users should verify the legitimacy of CAPTCHA requests and monitor their mobile bills for unexpected charges.
  • Timeline: Newly disclosed

Original Article Summary

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is believed to

Impact

Mobile users, telecom services

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should verify the legitimacy of CAPTCHA requests and monitor their mobile bills for unexpected charges.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting

Security Affairs

A recently discovered vulnerability, tracked as CVE-2026-6770, allowed attackers to track and fingerprint users of Firefox and the Tor Browser, even when they were using Private Browsing mode. This flaw could bypass Tor's New Identity feature, which is designed to enhance privacy. As a result, both Firefox version 150 and Tor Browser version 15.0.10 have released updates to address this issue. This vulnerability is particularly concerning because it compromises the privacy protections that users rely on, especially those using Tor for anonymous browsing. Users are urged to update their browsers promptly to protect against this tracking risk.

Apr 27, 2026

US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator

SecurityWeek

The U.S. has launched a significant crackdown on cyberscam operations in Southeast Asia, which officials are describing as a new front in the fight against cybercrime. This initiative includes sanctions against a Cambodian senator believed to be involved in facilitating these scams. The crackdown aims to dismantle networks that have been scamming individuals, particularly targeting vulnerable populations in the region. By taking these actions, U.S. authorities hope to disrupt the operations and reduce the impact of these scams, which have been a growing concern in recent years. This move not only addresses immediate threats but also sends a message about the U.S. commitment to combating international cybercrime.

Apr 27, 2026

Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet

Infosecurity Magazine

Researchers have discovered a malware strain called 'fast16' that is believed to have targeted Iran's nuclear program before the well-known Stuxnet attack. This malware predates Stuxnet and indicates that cyber attacks on critical infrastructure may have been more advanced than previously thought. Fast16's potential use against Iran's nuclear facilities raises concerns about the cybersecurity of similar systems worldwide. Understanding this malware could provide insights into the tactics and techniques used by attackers in state-sponsored cyber operations, making it essential for governments and companies to enhance their defenses against such threats.

Apr 27, 2026

Firefox Vulnerability Allows Tor User Fingerprinting

SecurityWeek

A recently discovered vulnerability in Firefox, tracked as CVE-2026-6770, could allow attackers to fingerprint users of the Tor network. This issue primarily affects users who rely on Firefox and Tor for enhanced privacy and anonymity. Fingerprinting techniques can be used to track users across the internet, undermining the very purpose of using Tor, which is designed to protect user identities. The vulnerability has been addressed in the latest updates, specifically Firefox version 150 and Tor version 15.0.10, which users are strongly encouraged to install promptly. By patching this vulnerability, both Mozilla and the Tor Project aim to reinforce the security measures that protect user privacy online.

Apr 27, 2026

BlackFile Group Targets Retail and Hospitality with Vishing Attacks

Infosecurity Magazine

A new group called BlackFile has emerged, focusing on vishing attacks specifically targeting the retail and hospitality sectors. Researchers have identified that this group uses voice phishing techniques to steal sensitive information from employees and customers. By impersonating trusted entities, attackers manipulate individuals into revealing personal data, which can lead to financial losses and data breaches. The rise of such tactics raises concerns for companies in these industries, as they must bolster their defenses against socially engineered attacks. Awareness and training for employees on recognizing vishing attempts are crucial to mitigate this threat.

Apr 27, 2026

U.S. utility giant Itron discloses a security breach

Security Affairs

Itron, a major utility company, reported a security breach after unauthorized access to its internal IT systems was detected on April 13, 2026. The company quickly activated its incident response plan and brought in external cybersecurity experts to address the situation. Authorities were also notified as part of the response process. While specific details about the extent of the breach or the data involved have not been disclosed, incidents like this can pose significant risks to utility services and customer data security. The breach raises concerns about the vulnerabilities within critical infrastructure sectors and the potential impact on services reliant on Itron's technology.

Apr 27, 2026