A new phishing scam is targeting unsuspecting users with fake CAPTCHA tests. These malicious tests, disguised as legitimate security measures, are designed to trick victims into installing malware on their devices.
How the Scam Works:
- Fake CAPTCHA: Users encounter a fake CAPTCHA test on a malicious website.
- Malicious Instructions: The CAPTCHA asks users to perform specific keystrokes, such as “Windows + R” followed by “Ctrl + V.”
- Malware Installation: These keystrokes execute a PowerShell script that downloads and installs the Lumma Stealer malware.
- Data Theft: Once installed, the Lumma Stealer can steal sensitive information, including passwords, cookies, and cryptocurrency wallet details.
The Growing Threat of Phishing Attacks:
This latest phishing scam highlights the ongoing threat posed by cybercriminals who continuously evolve their tactics to target unsuspecting users. It’s crucial to remain vigilant and exercise caution when encountering online requests, especially those involving unusual actions.
Tips to Protect Yourself:
Be Wary of Unusual CAPTCHAs, If a CAPTCHA test asks you to perform actions beyond simple image recognition, be suspicious. And avoid clicking on links in unsolicited emails or messages, even if they appear to come from a trusted source.