TTPwire Vol. 1 · MITRE ATT&CK·Tagged

The Hacker News

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

The Hacker News · 2026-04-27

ATT&CK techniques detected

5 predictions
T1657 Financial Theft (94%)
"over a dozen accounts linked to these activities. " by combining an older but still highly effective investment fraud theme with modern ai technologies, actors have been able to launch large ‑ scale, highly convincing cyber campaigns, " infoblox and confiant said. " approximately…"
T1566.002 Spearphishing Link (79%)
"fake captcha irsf scam and 120 keitaro campaigns drive global sms, crypto fraud cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake captcha verification tricks to dupe unsuspecting users into sending international text messages t…"
T1657 Financial Theft (60%)
"billing, as the ' international sms ' charges often appear on the victim ' s bill weeks later and the experience with the fake captcha has been long forgotten. " what makes the threat notable is the coming together of revenue share fraud and malicious traffic distribution systems…"
T1557 Adversary-in-the-Middle (39%)
"warned that they could quickly add up for the threat actor when carried out at scale. the list of phone numbers spans 17 countries, such as azerbaijan, the netherlands, belgium, poland, spain, and turkey. dr. renee burton, vice president of threat intelligence for infoblox, told …"
T1056.003 Web Portal Capture (31%)
"warned that they could quickly add up for the threat actor when carried out at scale. the list of phone numbers spans 17 countries, such as azerbaijan, the netherlands, belgium, poland, spain, and turkey. dr. renee burton, vice president of threat intelligence for infoblox, told …"

Summary

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is believed to