A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.
The group “primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations,” Palo Alto Networks Unit 42