Helping to share the web since 1996


Fake CAPTCHA Scam Targets Gamers with Password-Stealing Malware

person in black long sleeve shirt using macbook pro

A new fake CAPTCHA scam has been discovered, targeting users seeking pirated PC games like Black Myth: Wukong. McAfee, an antivirus provider, recently identified this malicious scheme on shady websites that claim to offer cracked versions of popular games such as Cities: Skylines II and Hogwarts Legacy.

According to McAfee, when users search for free or cracked versions of video games online, they may be redirected to fake forums or repositories that lead to dangerous links. These websites present what appears to be a CAPTCHA test, which normally verifies that a visitor is human. However, in this case, the fake CAPTCHA manipulates users into installing malware known as Lumma Stealer, which is designed to steal passwords.

The malicious CAPTCHA instructs users to perform certain keyboard actions, such as pressing “Windows + R” to open the Run dialog box, followed by “CTRL + V” and Enter. These commands paste a hidden PowerShell script that downloads and installs the Lumma Stealer malware on the user’s PC.

Security researchers first spotted this fake CAPTCHA method last month, and it has since spread, affecting users worldwide. The hackers behind the attack have also been distributing it through phishing emails, posing as GitHub notifications about fake security vulnerabilities.

McAfee warns users to be cautious when downloading pirated content or interacting with emails from unfamiliar sources, as hackers continue to exploit these methods to distribute malware.

Newer Articles

Older Articles

Back to news headlines