At Tigris, we encountered a pattern where uploaded files included fake CAPTCHA screens as a way to hide malicious payloads and bypass detection.<p>These fake CAPTCHAs look legitimate but are used to trick users into executing malware, and they're surprisingly effective at evading static analysis.<p>We shared what we found and how we're improving our detection pipeline:
<a href="https://www.tigrisdata.com/blog/fake-captchas/" rel="nofollow">https://www.tigrisdata.com/blog/fake-captchas/</a>