Hacking tool developer Greasy Opal has had its CAPTCHA bypass solution leveraged by several threat operations and substantially improved to crack newly emergent CAPTCHA types since 2008, BleepingComputer reports.

Aside from targeting U.S., Russian, and Brazilian government and public service entities, Greasy Opal’s CAPTCHA solver — which leverages both sophisticated optical character recognition technology and machine learning models — has also been aimed at Amazon, Apple, Facebook, WhatsApp, Steam, and other widely known organizations in the tech industry, according to an analysis from Arkose Labs, which followed Microsoft’s disruption of Greasy Opal client Vietnam-based threat operation Storm-1152.

Additional findings revealed the financial motivations of Greasy Opal, which has been selling its hacking tools in a subscription model. “Attackers can purchase Greasy Opal’s toolkit for $70. For an additional $100 customers can upgrade to get the beta version. Regardless of the version, Greasy Opal requires customers to pay an additional $10 per month as a subscriber fee,” said Arkose Labs, which also noted other bundles for threat actors.