Fake CAPTCHA pages are tricking users into installing malware
Image: ninefotostudio / Shutterstock.com
Summary created by Smart Answers AI
In summary:
- PCWorld reports that hackers are using fake CAPTCHA pages to trick users into installing malware through deceptive keyboard shortcuts.
- The scam instructs users to press Windows key + R, Ctrl + V, and Enter, which executes malicious PowerShell commands downloading ‘Stealthy StealC Information Stealer’ malware.
- This malware targets sensitive data from browsers, Outlook, Steam, and crypto wallets, making users vulnerable to significant security breaches.
It seems we now have something new to worry about while browsing the web. Windows Central reports that hackers have discovered a new security vulnerability in Windows that allows them to install malicious software on your computer via fake CAPTCHA pages.
The hackers use fake CAPTCHA pages—which are designed to mimic standard security checks—to trick users into installing malicious software (“Stealthy StealC Information Stealer”) via keyboard commands.
Similar to another CAPTCHA attack from last year, users are prompted to press the Windows key + R shortcut (which launches the Windows Run prompt), followed by Ctrl + V (which pastes a malicious command into the Run prompt), and then Enter (which runs the malicious command). Experienced Windows users should immediately notice that something is wrong when a page asks you to open the Windows Run prompt and paste something using the shortcut action.
What ends up happening is that the fake CAPTCHA page loads a PowerShell command into your Windows clipboard, which is then executed when you following the instructions. That PowerShell command downloads malware without you noticing.
Security experts at Level Blue recently wrote that the new attack can be used to access login information for web browsers, Outlook, Steam accounts, and cryptocurrency wallets, among other things.
This article originally appeared on our sister publication PC för Alla and was translated and localized from Swedish.
Author: Kristian Kask, Contributor, PCWorld
Kristian is passionate about gadgets and gaming and mainly writes news for our sister sites, M3 and PC for Alla. He also tests products, mainly game accessories, and translates articles from the Foundry network.
