Faux CAPTCHA pages are tricking customers into putting in malware

It appears we now have one thing new to fret about whereas searching the net. Home windows Central stories that hackers have found a brand new safety vulnerability in Home windows that permits them to put in malicious software program in your laptop through pretend CAPTCHA pages.

The hackers use pretend CAPTCHA pages—that are designed to imitate commonplace safety checks—to trick customers into putting in malicious software program (“Stealthy StealC Data Stealer”) through keyboard instructions.

Much like one other CAPTCHA assault from final yr, customers are prompted to press the Home windows key + R shortcut (which launches the Home windows Run immediate), adopted by Ctrl + V (which pastes a malicious command into the Run immediate), after which Enter (which runs the malicious command). Skilled Home windows customers ought to instantly discover that one thing is unsuitable when a web page asks you to open the Home windows Run immediate and paste one thing utilizing the shortcut motion.

What finally ends up taking place is that the pretend CAPTCHA web page hundreds a PowerShell command into your Home windows clipboard, which is then executed whenever you following the directions. That PowerShell command downloads malware with out you noticing.

Safety consultants at Degree Blue just lately wrote that the brand new assault can be utilized to entry login info for net browsers, Outlook, Steam accounts, and cryptocurrency wallets, amongst different issues.