SweetCAPTCHA distributes Adware

SweetCAPTCHA is a free service that offers good-looking images instead of the classic captchas made of cryptic digits and characters. It is available for a number of platforms including WordPress, Drupal, and Joomla!

Malicious scripts by SweetCaptcha

Sucuri, a well-known company that works on online security, reports that many websites using SweetCaptcha are affected by malicious popups and ads.
Occasionally, some visitors see popups that promote tech support for security errors.

SweetCaptcha fake tech support popup

Example of fake tech support popup

Having a look at the sources of the websites using this service, it’s common to see this JavaScript:

hxxp://www . sweetcaptcha . com/api/v2/apps/csrf/(digit_id)?ver=3.1.0

which loads the malicious code.

SweetCaptcha API script

This code tries to load a script from //clktag .com/adServe/banners?tid=SWTMPOP&tagid=2 that has to do with advertising. Obviously, people would never imagine that a captcha service loads something related to ads. Neverthless, if you read section 5 of SweetCaptcha Terms of User, you’ll find this:

5.2 You acknowledge that within the sweetCAPTCHA service and/or sweetCAPTCHA API, There might be included 3rd party content which will be displayed for the purpose of user interaction. This content might include but will not be limited to ads, banners, links, search engine input fields and etc.

This gives an explaination of this problem.

Adware history of SweetCaptcha

It’s not the first time that SweetCaptcha injects this kind of malicious code into websites using their service. Back in September of 2014 a user reported an unwanted search bar in WordPress forums. SweetCaptcha replied with this explanation:

SweetCaptcha is a FREE project, we had some pilots for a very short time with monetization solutions back in the past, but they were just pilots, meaning ended long time ago.

sweetCaptcha was always Free from ads and will stay so.

In Sucuri blog post about this malware you’ll find links to a number of support threads on the WordPress plugin’s forum starting from June 8, 2015 reporting a new wave of ads coming from that service. So, it’s not really free from ads.


Let me suggest you just a few steps to take in order to stay free from malware ads:

  1. Don’t use SweetCaptcha any more.
  2. Read terms of service for anything you use.
  3. Think twice before adding third-party scripts in your website. You lose control over your web pages’ content.

I’ll not tell you to temporarily stop using this service. You should stop forever. There are various ways to maintain a free service, but malware is one that should never be accepted. Services that want to live by injecting malware on their users’ websites should die.

CC BY-SA 4.0 SweetCAPTCHA distributes Adware by Mattia Migliorini is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


Web Designer freelance, Ubuntu Member, Linux evangelist. Loves working on clear and minimal designs and wants to create beautiful things for different devices.

deshack wrote 82 posts

Post navigation

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>