Who is affected? Websites that use the sweetCAPTCHA service
Solution: Remove sweetCAPTCHA from website. If you are a website viewer, ignore links or popups that may appear after using the sweetCAPTCHA service. Do not download anything from the links and ignore the pop-up messages.
SweetCATPCHA is a service that uses images instead of distorted characters to make sure that someone is a person instead of robot. SweetCAPTCHA is found on many website platforms including thousands of WordPress installations. However, there have been recent reports of this graphic appearing where sweetCAPTCHA has been in use:
5.2 You acknowledge that within the sweetCAPTCHA service and/or sweetCAPTCHA API, There might be included 3rd party content which will be displayed for the purpose of user interaction. This content might include but will not be limited to ads, banners, links, search engine input fields and etc.
Recent investigation of the sweetCAPTCHA code has found the use of clktags which lead to popups, and several links that could install malware and viruses onto your computer. If you do see those links, make sure to ignore and never download anything from them.
Other Malicious Scripts
This issue is not restricted to website owners, it’s also a problem for website viewers. Malicious scripts can be hidden in advertising in websites. Always make sure to practice safe web browsing habits. If you use reputable malware scanners, make sure to keep them up-to-date.
What do I do for the sweetCAPTCHA issue?
- Be wary of any service you purchase and use for your website
For more information, please see this SucuriBlog post.