New threat uses fake CAPTCHA to infect systems with malware

In a nutshell: A new cyber threat tactic has emerged, leveraging social engineering to trick users into infecting their own systems with malware. Recently highlighted by Malwarebytes, this method disguises malicious tools as CAPTCHA requests. In reality, these files – often media or HTML-based – are designed to steal personal information or function as remote access trojans. The attack typically begins when visitors to a website are prompted to verify they are not robots, a common practice that rarely raises suspicion. However, instead of a standard CAPTCHA challenge, users encounter a series of seemingly harmless steps that are actually part of a sophisticated scam. The instructions might read: "To better prove you are not a robot, please press and hold the Windows Key + R, paste the verification code by pressing Ctrl + V, and then press Enter to complete verification." These steps are designed to execute a malicious command. Behind the scenes, the website uses JavaScript to copy a ... Read full article.