Security News Microsoft targets CAPTCHA-cracking bot ring allegedly responsible for 750M fake accounts


Aug 17, 2017
Microsoft secured a court order to seize and take down websites used by a group that it describes as the “number one seller and creator of fraudulent Microsoft accounts,” which deployed bots capable of tricking the CAPTCHA systems normally used to confirm that humans are creating accounts.

The group, which Microsoft calls Storm-1152, also routinely circumvented the authentication systems of other major technology companies, including Twitter (X) and Google, according to a Microsoft complaint unsealed Wednesday afternoon in the U.S. District Court for the Southern District of New York.

The group “represents a significant industry-wide problem,” the complaint says.

Bots deployed by Storm-1152 were responsible for about 750 million fraudulent Microsoft accounts, the company said. One reason they needed to create so many was that the company’s fraud detection systems identified and disabled the accounts quickly, often in a matter of hours after they were created.

The LockBit ransomware operation is now recruiting affiliates and developers from BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. Last week, the NoEscape and the BlackCat/ALPHV ransomware operations' Tor websites suddenly became inaccessible without warning.

Affiliates associated with NoEscape claimed that the ransomware operators pulled an exit scam, stealing millions of dollars in ransom payments and shutting off the operation's web panels and data leak sites. NoEscape is believed to be a rebrand of the Avaddon ransomware operation, which shut down in June 2021 and released their decryption keys to BleepingComputer.

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. OLVX follows a recent trend where cybercrime marketplaces are increasingly hosted on the clearnet instead of the dark web, making them more accessible to a broader range of users and possible to promote through search engine optimization (SEO).

ZeroFox researchers, who first identified OLVX in early July 2023, have reported a substantial uptick in activity on the new marketplace in the fall, noting a rise in both sellers and buyers. This rise in OLVX's popularity is attributed to SEO efforts from the market's admins, advertisements on hacker forums, promotion through the platform's dedicated Telegram channel, and the hacking community's "word of mouth."
