Phishing scams mimic CAPTCHA to trick users into malware installation

A new method has been added to the array of phishing techniques, involving mimicking the CAPTCHA user verification system. Scammers ask for simple key combinations to be performed, and an unsuspecting user installs malware on their computer this way.

The website Sekurak, among others, warns about this new scam method and the impersonation of the CAPTCHA system. A user may land on a page where a familiar window asks for confirmation that the user is human. Typically, we encounter a single button with the text "I'm not a robot," a puzzle piece that needs to be matched to an image, or (in the oldest version) selecting pictures that do not match the others. Here, however, it is different.

The fake CAPTCHA system suggests that user confirmation will be possible after performing a simple instruction - pressing the combinations Win+R, Win+V, and the Enter key in sequence. In practice, this is a recipe for launching a malicious script placed in the system clipboard, which is then unknowingly activated by the victim. The web browser will not warn in any way that malicious code has entered the clipboard. Fake software will then be downloaded to the computer.

According to Sekurak, after running the script, one can expect the download of an infostealer, although the forms of attack may vary depending on the specific case. The conclusion is the same - the user is unaware that malware is operating on their computer, which can steal files, data, or read screen contents. This can lead, for example, to theft of email, social media, or online banking login data.