Fake CAPTCHA Scams Trick Windows Users into Downloading Malware

 

Cybercriminals have found a new way to trick Windows users into downloading harmful software by disguising malware as a CAPTCHA test. A recent investigation by security researchers revealed that attackers are using this method to install infostealer malware, which secretly collects sensitive data from infected computers.  


How the Scam Works  

The attack begins when a user visits a compromised website and encounters what appears to be a routine CAPTCHA verification. These tests are usually used to confirm that a visitor is human, but in this case, clicking on it unknowingly triggers a harmful command.  

Instead of simply verifying the user’s identity, this fake CAPTCHA executes a hidden script that launches a multi-step infection process. The malware then installs itself and starts collecting sensitive information like usernames, passwords, and banking details.  

Step-by-Step Breakdown of the Attack  

1. Fake CAPTCHA Displayed: The user sees what looks like a normal CAPTCHA test.  

2. PowerShell Command Executed: Clicking on the CAPTCHA activates a hidden script that runs harmful commands.  

3. Additional Malicious Code Downloaded: The script retrieves more files, which help the malware spread without dete

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: