Fake CAPTCHA scam fools users into installing dangerous malware

A new phishing technique involving the mimicry of CAPTCHA user verification systems has emerged. Scammers prompt users to perform simple key combinations, leading unsuspecting individuals to install malware on their computers inadvertently.

This scam impersonates the familiar CAPTCHA system. A user may land on a page where a familiar window asks for confirmation that the user is human. In legitimate instances, a single button labeled "I'm not a robot," a puzzle piece that needs to be matched with an image, or selecting pictures that do not match the others are typically encountered. However, this scenario is different.

The fake CAPTCHA system suggests that user confirmation will be possible after following a simple instruction: pressing the combinations Win+R, Win+V, and the Enter key in sequence. In practice, this sequence launches a malicious script placed in the system clipboard, unknowingly activated by the victim. The web browser does not alert users that malicious code has entered the clipboard. As a result, fake software is downloaded to the computer.

After running the script, one can expect the download of an infostealer, although the forms of the attack may vary depending on the specific case. The outcome is the same—the user remains unaware of malware operating on their computer, which can steal files, data, or read screen contents. This can lead to email, social media, or online banking login information theft.