More threat actors have been leveraging illicit services aimed at bypassing CAPTCHA checks, according to The Hacker News.
Such services have been leveraging human solvers to perform CAPTCHA-breaking tasks instead of utilizing machine learning and optical character recognition, a report from Trend Micro showed.
Real-time CAPTCHA transmission through API calls has been made possible by bot operators' access to the complete workflow of the CAPTCHA-solving process. Aside from using CAPTCHA-breaking services, attackers have also been leveraging proxyware offerings to better bypass antibot protections, with a proxyware network utilized in a CAPTCHA-breaking service aimed at the Poshmark social commerce marketplace.
"CAPTCHAs are common tools used to prevent spam and bot abuse, but the increasing use of CAPTCHA-breaking services has made CAPTCHAs less effective. While online web services can block abusers' originating IPs, the rise of proxyware adoption renders this method as toothless as CAPTCHAs," said Trend Micro researcher Joey Costoya.
