You’re likely well-acquainted with classic CAPTCHA tests on websites. You know, the thing where you have to click to confirm you aren’t a robot? Type in the strange-looking letters and numbers? Select all the traffic lights, the buses, the motorcycles, that sort of thing? These tests are mostly nuisances and data collection traps, but hackers are now leaning into CAPTCHAs as a way to trick users into installing malware.
At least, that’s what security experts are increasingly warning about. Last month, Malwarebytes Labs spotted one such fake CAPTCHA that had you paste some “verification” text into the Windows Run prompt. Recently, there have also been reports of malware called “Quakbot” that uses an even more dangerous variant of the CAPTCHA scam.
How do CAPTCHA scams work?
Attacks that abuse CAPTCHAs are dangerous because users click on them out of habit when they appear on websites. Hackers are now exploiting this instant-reaction behavior with fake pop-up messages that look strikingly similar to real CAPTCHA tests.
Here, too, users are asked to click on a box to solve a test. However, when you click on that box, you end up redirected to other pages. Further steps copy dangerous commands to your clipboard, making it possible for attackers to run those commands on your computer without authorization.
In some cases, these CAPTCHAs even prompt you to press certain key combinations that directly invoke Windows PowerShell or execute certain commands on your device. That’s why you should be extra suspicious of any CAPTCHA request that asks you to do anything unusual.
These types of attacks are called ClickFix CAPTCHA attacks because they use social engineering to trick you into clicking fake CAPTCHAs and other elements, which then trigger malicious responses.
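A defender-side check for the clipboard trick described above, as an added example that is not part of the original article: it flags pasted text that launches a command interpreter while also carrying “verification” wording or a remote URL. The signal list, function names and sample strings are assumptions constructed for illustration.

```python
import re

# Assumed signals (illustrative, not an exhaustive or vendor-supplied list).
INTERPRETER = re.compile(r"^\s*(powershell|pwsh|cmd)(\.exe)?\b", re.IGNORECASE)
LURE = re.compile(r"not a robot|captcha|verif(y|ication)|human check", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def clickfix_signals(text: str) -> list[str]:
    """Return the reasons a piece of clipboard text looks like a ClickFix lure."""
    reasons = []
    if INTERPRETER.search(text):
        reasons.append("starts a command interpreter")
    if LURE.search(text):
        reasons.append("contains human-verification wording")
    if URL.search(text):
        reasons.append("references a remote URL")
    return reasons


def is_suspicious(text: str) -> bool:
    """Flag text that launches an interpreter and also carries lure wording or a URL."""
    reasons = clickfix_signals(text)
    return "starts a command interpreter" in reasons and len(reasons) >= 2


# Constructed samples; the command body is a placeholder, not a real payload.
SAMPLES = [
    'powershell -Command "<placeholder fetching https://example.invalid/v>"'
    "  # I am not a robot: CAPTCHA Verification ID 7421",
    "powershell Get-Date",
    "Please verify the invoice total before Friday.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_suspicious(sample), clickfix_signals(sample))
```

A legitimate CAPTCHA never needs text that begins with an interpreter name, so the first signal is required and the other two only corroborate it.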
These attacks are surprisingly effective
To keep you off guard, every subsequent click in a ClickFix CAPTCHA attack is disguised with additional “verification requests” that hide the malicious nature of what you’re doing. In the worst case, it ends with you unknowingly executing a malware script that takes over your PC.
CAPTCHA attacks reportedly have a higher success rate than other scam attempts because of their novel psychological tricks that prey on reflexive behavior when our guards are down. The only real protection is to remain vigilant, especially when visiting unfamiliar websites, and, of course, to have reliable antivirus software that protects against threats.