Windows 10: Hackers Use Fake CAPTCHA To Infect Windows PCs

Discus and support Hackers Use Fake CAPTCHA To Infect Windows PCs in Windows 10 News to solve the problem; Hackers are using fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands that install information-stealing... Discussion in 'Windows 10 News' started by GHacks, Feb 18, 2026 at 3:22 AM.

  1. GHacks
    GHacks New Member

    Hackers Use Fake CAPTCHA To Infect Windows PCs


    Hackers are using fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands that install information-stealing software.

    The campaign publishes StealC, an information-stealing tool that targets browser credentials, cryptocurrency wallets, Steam accounts, Outlook login data, system information, and screenshots. The stolen data is sent to a command-and-control (C2) server using RC4-encrypted HTTP traffic.

    Similar hacks we've already seen in the past.

    How the attack works


    Attackers inject JavaScript into these sites. When users visit, they are redirected to a fake CAPTCHA page designed to look like a Cloudflare verification screen.

    Hackers Use Fake CAPTCHA To Infect Windows PCs 583098c1ba0a2d578ef143eb6461406e.jpg

    Instead of presenting a traditional image or checkbox challenge, the fake CAPTCHA instructs users to:

    1. Press Windows key + R
    2. Press Ctrl + V
    3. Press Enter

    The instructions are framed as part of a verification process.

    This technique, referred to as “ClickFix,” exploits user trust in simple keyboard prompts. Victims are made to believe they are completing a routine security check as usual.

    What actually happens


    When users follow the instructions:

    • A malicious PowerShell command is preloaded onto the clipboard.
    • Pressing Ctrl + V pastes the command into the Windows Run dialog.
    • Pressing Enter executes the script.

    The script then connects to a remote server and downloads additional malware components.

    Because the command is run manually through the Run dialog, it can bypass some browser download warnings and security prompts.

    Once installed, StealC begins collecting stored credentials and other sensitive data, including Outlook account details.

    What data is at risk


    StealC especially targets:

    • Browser login credentials
    • Cryptocurrency wallets
    • Steam accounts
    • Outlook credentials
    • System information
    • Screenshots

    The process uses encrypted HTTP traffic to speak with attacker-controlled infrastructure.

    How to protect yourself


    This attack depends on user interaction. The key defense is to never execute commands from web pages.

    If a website asks you to:

    • Open the Run dialog
    • Paste a command
    • Execute PowerShell

    Close the page immediately.

    CAPTCHA challenges DO NOT require keyboard shortcuts or system-level commands. Any such request is a huge red flag.

    Additional actions include:

    • Avoid running PowerShell commands you did not explicitly initiate.
    • Keep Windows security features enabled.
    • Monitor for unusual outbound network activity if you manage enterprise systems.
    • Restrict script execution and enforce application control policies in managed environments.

    If you suspect you already run such a command:

    1. Disconnect the device from the network.
    2. Run a full security scan with updated protection tools.
    3. Change passwords for Outlook, email, and other stored accounts from a clean device.
    4. Enable multi-factor authentication where available.
    Why is this attack effective?


    The method does not rely on traditional file downloads. Instead, it uses social engineering and psychology to get users to run malicious commands themselves.

    By appearing as a CAPTCHA verification, hackers take advantage of a common and widely trusted web interaction.

    The attack targets Windows systems specifically, using built-in tools such as PowerShell and the Run dialog.

    There is no need for a patch from Microsoft. Because it does not abuse a system vulnerability but rather user behavior.

    Thank you for being a Ghacks reader. The post Hackers Use Fake CAPTCHA To Infect Windows PCs appeared first on gHacks.

    read more...
     
  2. bruinator Win User

    steps taken for infected Pc's.


    I was hoping someone could give me a list of step by step instructions you use as a guide to clean virus, malware...etc. so I can keep my PC clean if it gets infected.

    thx
     
  3. Windows installation stuck at captcha

    Hello,

    today I wanted to install windows 10 on my laptop and everything was fine until I got to the captcha.

    I did the captcha and everything was fine but then I just got stuck, I can go to the previous steps but nothing changes.

    Is this a known issue or is there any fix?

    Thanks
     
    Kadir Saim Tarhan, Feb 18, 2026 at 3:23 AM
    #3
  4. Tupzir Win User

    Hackers Use Fake CAPTCHA To Infect Windows PCs

    Cloud Flare Captcha

    So i open may PC today and some of the websites are asking For Captcha provided of the cloud flare

    i don't know what happen i try to check in projecthoney my ip isnt listed and its not black listed i need help its irritating me for some reason

    please i need help yesterday captcha wasn't showing.

    [Moved from:
    Virus and Malware / Other / Scanning, Detecting, and Removing Threats / Windows 10]
     
Thema:

Hackers Use Fake CAPTCHA To Infect Windows PCs

Loading...
  1. Hackers Use Fake CAPTCHA To Infect Windows PCs - Similar Threads - Hackers Fake CAPTCHA

  2. Infected operating system windows 11 home hackers

    in Windows 10 Gaming
    Infected operating system windows 11 home hackers: Hello,Due to occasionally critical comments on youtube regarding the Ukraine conflict on wion canal and hindustan times and so on, often under the influence a bit ive been become a high priority target by an hacker. I own an 2023 expensive Lenovo pc with win 11 home, latest...
  3. Infected operating system windows 11 home hackers

    in Windows 10 Software and Apps
    Infected operating system windows 11 home hackers: Hello,Due to occasionally critical comments on youtube regarding the Ukraine conflict on wion canal and hindustan times and so on, often under the influence a bit ive been become a high priority target by an hacker. I own an 2023 expensive Lenovo pc with win 11 home, latest...
  4. I need to know if an email is a fake hacker or not

    in Windows 10 Gaming
    I need to know if an email is a fake hacker or not: ***email content removed*** https://answers.microsoft.com/en-us/windows/forum/all/i-need-to-know-if-an-email-is-a-fake-hacker-or-not/db4d71fc-c966-4a4b-af7a-ac7a286b72b5
  5. I need to know if an email is a fake hacker or not

    in Windows 10 Software and Apps
    I need to know if an email is a fake hacker or not: ***email content removed*** https://answers.microsoft.com/en-us/windows/forum/all/i-need-to-know-if-an-email-is-a-fake-hacker-or-not/db4d71fc-c966-4a4b-af7a-ac7a286b72b5
  6. fake virus infection pop ups

    in Windows 10 Software and Apps
    fake virus infection pop ups: I am getting many pop-ups saying my PC is infected by a virus. I never click them on. And it happens before I go to the internet. So, I suspect it is some kind of malware. Windows defender scan says no infection. The keystroke is slow, too. What do I have to do?...
  7. fake virus infection pop ups

    in AntiVirus, Firewalls and System Security
    fake virus infection pop ups: I am getting many pop-ups saying my PC is infected by a virus. I never click them on. And it happens before I go to the internet. So, I suspect it is some kind of malware. Windows defender scan says no infection. The keystroke is slow, too. What do I have to do?...
  8. fake virus infection pop ups

    in Windows 10 Gaming
    fake virus infection pop ups: I am getting many pop-ups saying my PC is infected by a virus. I never click them on. And it happens before I go to the internet. So, I suspect it is some kind of malware. Windows defender scan says no infection. The keystroke is slow, too. What do I have to do?...
  9. fake trojan infection message?

    in AntiVirus, Firewalls and System Security
    fake trojan infection message?: For some reason, when I try to play videos in an area where my internet connection is weak, my headphones stop receiving sound and I must reload the driver. When I did this tonight my computer booted up and uploaded a very strange message (I should have taken a screen shot)...
  10. Hackers opening SMB ports on routers to infect PCs with NSA malware

    in Windows 10 News
    Hackers opening SMB ports on routers to infect PCs with NSA malware: Akamai has detected an ingenious malware campaign that alters configurations on home and small office routers to open connections toward internal networks so crooks can infect previously isolated computers. The way hackers achieve this, Akamai said, is via a technique known...