
The Latest Hack: Fake CAPTCHAs, Real Threats

A new cyberattack is tricking users into installing malware. This time, cybercriminals are using fake CAPTCHAs – those small word or image tests designed to confirm you’re not a robot. Over 1.4 million users worldwide have been targeted in this attack, and you could be next.

Here’s how it works:

The Hack

In January 2025, Netskope Threat Labs uncovered a new malware campaign that uses fake CAPTCHAs to deliver a powerful information-stealing malware called Lumma Stealer. Unlike traditional phishing attacks that trick users into entering credentials, this campaign takes a more direct approach – convincing victims to manually execute malicious code on their own systems.

The malicious code is presented under the guise of a CAPTCHA. Once installed, the malware operates stealthily, stealing information without immediate signs of infection. Netskope Threat Labs reports that “this campaign spans multiple industries, including healthcare, banking, and marketing, with the telecom industry having the highest number of organizations targeted.”

What Is Lumma Stealer?

Lumma Stealer is a malware-as-a-service (MaaS), meaning cybercriminals can rent or purchase access to this malware rather than creating it on their own. This makes it very easy for any cybercriminal to access, leading to widespread attacks and rapid infections.

Designed to steal financial data, browser cookies, cryptocurrency wallets, and even two-factor authentication (2FA) codes, Lumma Stealer poses a serious risk to both personal and business security. Once installed, it collects and transmits stolen data to the attacker, allowing them to hijack user accounts, bypass 2FA protection, and sell information on the dark web.

This malware is constantly being updated by its creators, which makes it especially dangerous: it can evade detection by outdated antivirus tools.

How Do the Hackers Do It?

It all starts when a victim visits an infected website. A malicious advertisement redirects them to a fake CAPTCHA page that instructs them to copy and paste commands into Windows Run.

Windows Run is a small box that lets users quickly open programs, files, or settings by typing commands. However, copying unknown commands into this prompt and executing them is extremely dangerous, as it can grant hackers direct access to your system.

By tricking victims into manually running the code, hackers bypass browser-based security measures that would otherwise block the malware.

How Can You Stay Safe?

The best advice: Never run commands from untrusted sources in Windows Run. The Windows Run dialog is a direct gateway to critical system functions, making it a prime target for malicious attacks. If you’re ever prompted to enter code into “Windows Run,” stop and verify the request with a trusted IT source.

Additionally, follow these cybersecurity best practices to maintain your safety:

  • Be wary of pop-ups and CAPTCHA pages that ask for unusual actions – beyond the typical image and word tests.
  • Keep your browser and security software updated.
  • Use multi-factor authentication (MFA) on all of your accounts for added protection.
  • Use current and reputable antivirus software, which can signal when something is wrong with your computer.
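
For IT staff checking whether a user has already pasted such a command: Windows keeps each user's Run dialog history in the RunMRU registry key, so it can be reviewed after the fact. The script below is an added example, not part of the original article or the Netskope report; the pattern lists, the threshold, and the sample entries are constructed assumptions.

```python
import re

# Per-user registry key where Windows stores Run dialog (Win+R) history.
RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Assumed heuristics (not from the article); tune them for your environment.
CHECKS = {
    "interpreter": re.compile(r"\b(powershell|pwsh|mshta|cmd|wscript|cscript)\b", re.I),
    "hidden-or-remote": re.compile(r"https?://|-enc|-w(indowstyle)?\s+h|\biex\b", re.I),
    "lure-text": re.compile(r"captcha|not a robot|verif", re.I),
}

# Constructed sample values in RunMRU format (each stored value ends in "\1").
SAMPLE = [
    "notepad\\1",
    "cmd\\1",
    "\\\\fileserver\\share\\1",
    "powershell -w hidden -enc PLACEHOLDER # I am not a robot\\1",
]

def command_text(value):
    """Strip the trailing "\\1" marker that RunMRU appends to each entry."""
    return value[:-2] if value.endswith("\\1") else value

def score_entry(value):
    """Return the names of the checks that a single Run history value trips."""
    cmd = command_text(value)
    return [name for name, rx in CHECKS.items() if rx.search(cmd)]

def suspicious(values, threshold=2):
    """Return (command, reasons) for entries tripping at least `threshold` checks."""
    scored = [(command_text(v), score_entry(v)) for v in values]
    return [(cmd, reasons) for cmd, reasons in scored if len(reasons) >= threshold]

def read_runmru():
    """Read the current user's Run history from the registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        pairs = [winreg.EnumValue(key, i)[:2] for i in range(count)]
    return [value for name, value in pairs if name != "MRUList"]

if __name__ == "__main__":
    try:
        entries = read_runmru()
    except (ImportError, OSError):
        entries = SAMPLE  # not on Windows, or no Run history yet
    for cmd, reasons in suspicious(entries):
        print(f"REVIEW: {cmd!r} -> {', '.join(reasons)}")
```

Run it as the affected user, because RunMRU is stored per user profile; an entry flagged here is a reason to investigate the machine, not proof of infection.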

Moral of the Story

There is no end to cybercriminals’ tricks and schemes, and fake CAPTCHAs are just the latest trick. Always keep an eye out for suspicious behavior, don’t fall into the trap of urgent messaging, and if you ever have any questions, do not hesitate to reach out. A few extra seconds can save you from serious data theft and financial loss.

About The 20 MSP

As a leading provider of managed IT services, The 20 MSP serves thousands of businesses nationwide, providing each one with white-glove service, secure and streamlined IT infrastructure, and 24/7/365 support. We believe in building lasting relationships with clients founded on trust, communication, and the delivery of high-value services for a fair and predictable price. Our clients’ success is our success, and we are committed to helping each and every organization we serve leverage technology to secure a competitive advantage and achieve new growth. To learn more, visit the20msp.com.