Be careful
CAPTCHA tests are often routine and boring, which can cause you to turn off your brain and mindlessly click through them. But that inattention is precisely what one group of hackers is trying to exploit.
In recent weeks, security researchers have spotted hackers circulating a fake CAPTCHA test, which can actually install malware over a Windows PC if you follow all the instructions on the screen.
A CAPTCHA test is designed to filter out bots by requiring visitors to a website prove that they’re human. To do so, the tests can often ask you to select the correct objects in an image, or type in a word.
The malicious CAPTCHA test takes the same approach, but asks the user to go to their keyboard, and perform some commands. The instructions may look benign and simple, but in reality the CAPTCHA test is asking the Windows user to install the Lumma Stealer malware, which can loot passwords, cookies and cryptocurrency wallet details from the user’s PC.
Specifically, the malicious CAPTCHA test will ask the unsuspecting user to press “Windows + R,” which will trigger their PC to open the run dialog box, a way to launch programs. The test then asks the user to press “CTRL + V” and then enter. If the user does this quickly, they might not realize that the CAPTCHA has actually caused them to paste a PowerShell script into the run dialog box, and then execute it.
It turns out the PowerShell script will actually retrieve a “Windows EXE for Lumma Stealer malware,” according to security researchers at Palo Alto Networks’s Unit 42, which first warned about the fake CAPTCHA tests last month.
CAPTCHA tests are often routine and boring, which can cause you to turn off your brain and mindlessly click through them. But that inattention is precisely what one group of hackers is trying to exploit.
In recent weeks, security researchers have spotted hackers circulating a fake CAPTCHA test, which can actually install malware over a Windows PC if you follow all the instructions on the screen.
A CAPTCHA test is designed to filter out bots by requiring visitors to a website prove that they’re human. To do so, the tests can often ask you to select the correct objects in an image, or type in a word.
The malicious CAPTCHA test takes the same approach, but asks the user to go to their keyboard, and perform some commands. The instructions may look benign and simple, but in reality the CAPTCHA test is asking the Windows user to install the Lumma Stealer malware, which can loot passwords, cookies and cryptocurrency wallet details from the user’s PC.
Specifically, the malicious CAPTCHA test will ask the unsuspecting user to press “Windows + R,” which will trigger their PC to open the run dialog box, a way to launch programs. The test then asks the user to press “CTRL + V” and then enter. If the user does this quickly, they might not realize that the CAPTCHA has actually caused them to paste a PowerShell script into the run dialog box, and then execute it.
It turns out the PowerShell script will actually retrieve a “Windows EXE for Lumma Stealer malware,” according to security researchers at Palo Alto Networks’s Unit 42, which first warned about the fake CAPTCHA tests last month.
