As we approach the weekend, a new warning has been issued that a "global attack" is now targeting Windows users in multiple nations worldwide. The campaign is surprisingly basic, but it highlights the risk for the hundreds of millions of Windows 10 customers who will be without security upgrades in a year.
Palo Alto Networks' Unit 42 warned about the risks of fake new CAPTCHAs last month. Although it didn't receive much attention at the time, researcher John Hammond's video on X helped spread the word. McAfee researchers have recently released a fresh alert regarding these fraudulent CAPTCHA popups that are currently circulating.
These assaults should be easy to detect—but they’re designed to be casually effective. The fake challenges are designed to distribute Lumma Stealer.
“These pages have a button that, when clicked, shows instructions for victims to paste PowerShell script into a Run window. This copy/paste PowerShell script retrieves and runs a Windows EXE for Lumma Stealer malware. The associated Lumma Stealer EXE files retrieve and use zip archives that don't appear to be inherently malicious on their own,” researchers explained.
In its latest research, McAfee cautions that the ClickFix infection chain operates by tricking people into clicking on buttons like Verify you are a human' or 'I am not a robot.'"
When clicked, a malicious script is copied to the user's clipboard. Users are then tricked into pasting the script after pressing the Windows key + R, unknowingly launching the malware. This technique speeds up the infection process, allowing attackers to easily deploy malware.
The pattern is apparent to you. The crypto wallets and your account credentials are the main targets of the information-stealing malware that will be installed on your device. It doesn't appear to be a typical CAPTCHA, even if they are evolving and becoming more difficult to figure out. However, if, at that moment, copying and pasting isn't making you feel uneasy, turn off your computer and perhaps take a break.
Furthermore, McAfee identifies two deviously created lures, one aimed at consumers ready to download illegally copied games and the other at software developers concerned about a security flaw in code they wrote and distributed.
Users searching online for illegal copies of games are likely to have their guard up in any case; yet, the team warns that "they may encounter online forums, community posts, or public repositories that redirect them to malicious links.”
The second target group is even more sneaky. Users get phishing emails that frequently target GitHub contributors, pushing them to fix a fake security flaw. These emails provide links to the same fraudulent CAPTCHA pages.
This fake CAPTCHA campaign is starting to propagate; be cautious and take a moment to look for any signs of compromise when faced with one. It won't always be as clear as it is in this instance. These attacks will change and become more difficult to identify. It goes without saying that you should never, ever copy and paste and then execute from within a CAPTCHA.
This serves as another timely reminder to Windows 10 users that discontinuing support should not be one of their actions between now and October of next year. You'll need to switch to Windows 11 if Microsoft doesn't offer reasonably priced extension alternatives and workarounds aren't sufficient to close the gap.
