How do hackers install malware using fake CAPTCHAs?

Hackers use fake CAPTCHA pages to trick users into executing malicious PowerShell commands via keyboard shortcuts, which download malware.

What kind of data does the Stealthy StealC Information Stealer target?

The malware targets login information for web browsers, Outlook, Steam accounts, and cryptocurrency wallets.

What are the risks associated with this fake CAPTCHA attack?

Users are at risk of significant security breaches, including the theft of sensitive login credentials and financial information.

Home / Technology / Fake CAPTCHAs Unleash Stealthy Malware

Fake CAPTCHAs Unleash Stealthy Malware

18 Feb

•

Summary

New malware delivered via fake CAPTCHA pages.
Attack targets browser, Outlook, Steam, and crypto data.
Users tricked into executing malicious commands.

Cybercriminals are now employing fake CAPTCHA pages as a new vector to compromise Windows users. These pages mimic security verification processes, enticing individuals to perform specific keyboard shortcuts.

By instructing users to press the Windows key + R and then paste a command via Ctrl + V, attackers load malicious PowerShell commands into the clipboard. Executing these commands silently downloads malware onto the victim's computer.

Security researchers have identified this "Stealthy StealC Information Stealer" as capable of accessing a wide range of sensitive information. This includes login credentials for popular web browsers, Outlook, Steam gaming accounts, and valuable cryptocurrency wallets, highlighting a critical new threat to personal data security.

Disclaimer: This story has been auto-aggregated and auto-summarised by a computer program. This story has not been edited or created by the Feedzop team.