Cybercriminals have found a new way to trick Windows users into downloading harmful software by disguising malware as a CAPTCHA test. A recent investigation by security researchers revealed that attackers are using this method to install infostealer malware, which secretly collects sensitive data from infected computers.
How the Scam Works
The attack begins when a user visits a compromised website and encounters what appears to be a routine CAPTCHA verification. These tests are usually used to confirm that a visitor is human, but in this case, clicking on it unknowingly triggers a harmful command.
Instead of simply verifying the user’s identity, this fake CAPTCHA executes a hidden script that launches a multi-step infection process. The malware then installs itself and starts collecting sensitive information like usernames, passwords, and banking details.
Step-by-Step Breakdown of the Attack
1. Fake CAPTCHA Displayed: The user sees what looks like a normal CAPTCHA test.
2. PowerShell Command Executed: Clicking on the CAPTCHA activates a hidden script that runs harmful commands.
3. Additional Malicious Code Downloaded: The script retrieves more files, which help the malware spread without detection.
4. Final Infection: The malware, such as Lumma or Vidar, is installed and begins stealing personal data.
How Attackers Evade Detection
Hackers use several techniques to keep their malware hidden from security software:
Obfuscation: The malware code is made more complex to avoid being detected by antivirus programs.
Multiple Layers of Encryption: Attackers scramble the malware’s code so that security tools cannot recognize it.
Bypassing Security Measures: The script manipulates Windows settings to prevent detection and removal.
In some cases, the malware uses a special trick called XOR encryption to disguise itself. Some versions even include commands that trick Windows security tools into believing the malware is safe.
How to Protect Yourself
To avoid falling victim to this scam, follow these precautions:
1. Be Wary of Suspicious CAPTCHAs: If a CAPTCHA test appears unusual or asks for unexpected actions, do not interact with it.
2. Stay on Trusted Websites: Avoid unknown or unverified sites, as they may be compromised.
3. Keep Your System Updated: Install the latest security updates for Windows and your antivirus software.
4. Use Reliable Security Tools: A strong antivirus program can help detect and block suspicious activity.
5. Enable Browser Protections: Modern web browsers offer security features that warn against unsafe websites — keep them turned on.
This deceptive CAPTCHA scam is a reminder that cybercriminals are always coming up with new ways to infect devices and steal personal data. By staying alert and following basic security practices, users can reduce their chances of being targeted by such attacks.