Posts: 16,244
Threads: 10,302
Thanks Received: 9,360 in 7,506 posts
Thanks Given: 10,339
Joined: 12 September 18
18 February 26, 08:34
Quote:Hackers are using fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands that install information-stealing software.
Security researchers at LevelBlue say that the campaign publishes StealC, an information stealer that exfiltrates browser credentials, cryptocurrency wallets, Steam accounts, Outlook login data, system information, and screenshots. The stolen data is sent to a command-and-control (C2) server using RC4-encrypted HTTP traffic.
Similar hacks we've already seen in the past.
How the attack works
Attackers inject JavaScript into these sites. When users visit, they are redirected to a fake CAPTCHA page designed to look like a Cloudflare verification screen.
![[Image: 583098c1ba0a2d578ef143eb6461406e.jpg]](https://www.ghacks.net/wp-content/uploads/2026/02/583098c1ba0a2d578ef143eb6461406e.jpg)
Instead of presenting a traditional image or checkbox challenge, the fake CAPTCHA instructs users to:
- Press Windows key + R
- Press Ctrl + V
- Press Enter
The instructions are framed as part of a verification process.
This technique, referred to as “ClickFix,” exploits user trust in simple keyboard prompts. Victims are made to believe they are completing a routine security check as usual.
Continue Reading...
Hackers Use Fake CAPTCHA To Infect Windows PCs
![[-]](https://www.geeks.fyi/images/collapse.png "[-]")
