Windows 10: Hackers Use Fake CAPTCHA To Infect Windows PCs

Hackers are using fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands that install information-stealing software.

The campaign publishes StealC, an information-stealing tool that targets browser credentials, cryptocurrency wallets, Steam accounts, Outlook login data, system information, and screenshots. The stolen data is sent to a command-and-control (C2) server using RC4-encrypted HTTP traffic.

Similar hacks we've already seen in the past.

How the attack works


Attackers inject JavaScript into these sites. When users visit, they are redirected to a fake CAPTCHA page designed to look like a Cloudflare verification screen.



Instead of presenting a traditional image or checkbox challenge, the fake CAPTCHA instructs users to:

1. Press Windows key + R
2. Press Ctrl + V
3. Press Enter

The instructions are framed as part of a verification process.

This technique, referred to as “ClickFix,” exploits user trust in simple keyboard prompts. Victims are made to believe they are completing a routine security check as usual.

What actually happens


When users follow the instructions:

• A malicious PowerShell command is preloaded onto the clipboard.
• Pressing Ctrl + V pastes the command into the Windows Run dialog.
• Pressing Enter executes the script.

The script then connects to a remote server and downloads additional malware components.

Because the command is run manually through the Run dialog, it can bypass some browser download warnings and security prompts.

Once installed, StealC begins collecting stored credentials and other sensitive data, including Outlook account details.

What data is at risk


StealC especially targets:

• Browser login credentials
• Cryptocurrency wallets
• Steam accounts
• Outlook credentials
• System information
• Screenshots

The process uses encrypted HTTP traffic to speak with attacker-controlled infrastructure.

How to protect yourself


This attack depends on user interaction. The key defense is to never execute commands from web pages.

If a website asks you to:

• Open the Run dialog
• Paste a command
• Execute PowerShell

Close the page immediately.

CAPTCHA challenges DO NOT require keyboard shortcuts or system-level commands. Any such request is a huge red flag.

Additional actions include:

• Avoid running PowerShell commands you did not explicitly initiate.
• Keep Windows security features enabled.
• Monitor for unusual outbound network activity if you manage enterprise systems.
• Restrict script execution and enforce application control policies in managed environments.

If you suspect you already run such a command:

1. Disconnect the device from the network.
2. Run a full security scan with updated protection tools.
3. Change passwords for Outlook, email, and other stored accounts from a clean device.
4. Enable multi-factor authentication where available.

Why is this attack effective?


The method does not rely on traditional file downloads. Instead, it uses social engineering and psychology to get users to run malicious commands themselves.

By appearing as a CAPTCHA verification, hackers take advantage of a common and widely trusted web interaction.

The attack targets Windows systems specifically, using built-in tools such as PowerShell and the Run dialog.

There is no need for a patch from Microsoft. Because it does not abuse a system vulnerability but rather user behavior.

Thank you for being a Ghacks reader. The post Hackers Use Fake CAPTCHA To Infect Windows PCs appeared first on gHacks.

read more...

 

steps taken for infected Pc's.


I was hoping someone could give me a list of step by step instructions you use as a guide to clean virus, malware...etc. so I can keep my PC clean if it gets infected.

thx

 

Windows installation stuck at captcha

Hello,

today I wanted to install windows 10 on my laptop and everything was fine until I got to the captcha.

I did the captcha and everything was fine but then I just got stuck, I can go to the previous steps but nothing changes.

Is this a known issue or is there any fix?

Thanks

 

Cloud Flare Captcha

So i open may PC today and some of the websites are asking For Captcha provided of the cloud flare

i don't know what happen i try to check in projecthoney my ip isnt listed and its not black listed i need help its irritating me for some reason

please i need help yesterday captcha wasn't showing.

[Moved from:
Virus and Malware / Other / Scanning, Detecting, and Removing Threats / Windows 10]