Web users face a fresh threat during online navigation, as hackers leverage a recently identified Windows weakness to deploy harmful programs through deceptive CAPTCHA interfaces, according to Windows Central.
Attackers craft imitation CAPTCHA screens that resemble typical verification processes to dupe individuals into deploying the 'Stealthy StealC Information Stealer' malware using keyboard inputs.
Echoing a CAPTCHA-based scheme from the previous year, the tactic instructs victims to hit the Windows key plus R to access the Run dialog, then Ctrl plus V to insert a harmful directive, and finally Enter to activate it. Savvy Windows operators would quickly spot the anomaly when a website directs them to invoke the Run feature and input content via key combinations.
In practice, the bogus CAPTCHA interface places a PowerShell script onto the system's clipboard, which activates upon adhering to the given steps, silently fetching the malware.
Analysts from Level Blue have noted in a recent analysis that this method enables theft of credentials from internet browsers, Outlook email, Steam profiles, digital currency storage, and additional sources.
The piece first ran in our affiliate outlet PC för Alla, adapted and rendered into English from its Swedish origins.
Kristian, an enthusiast for tech devices and video games, primarily contributes news pieces to our related platforms M3 and PC för Alla, evaluates items such as gaming peripherals, and adapts content from the Foundry network.