Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.
The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42

accounts actor africa alto automated automated libra bypass campaign captcha cloud cloud platforms cloud resources crypto crypto mining fashion freejacking github hackers libra mining networks operations order palo palo alto palo alto networks platforms purpleurchin resources south south africa tactics techniques threat threat actor unit 42