Helping to share the web since 1996


Malicious CAPTCHA on iClicker Site Tricked Users Into Installing Malware

a bathroom with a push sign on the wall

A well-known educational platform, iClicker.com, was recently compromised by hackers who used a deceptive CAPTCHA to distribute malware to unsuspecting visitors.

iClicker, widely used by educators for classroom polling and attendance, reportedly serves over 5,000 instructors and 7 million students. But for a few days in April, anyone visiting the site may have encountered a dangerous trap in the form of a counterfeit CAPTCHA challenge.

Instead of the typical image-based verification puzzle used to block bots, this bogus CAPTCHA instructed users to enter a sequence of keyboard commands: “Press Win + R,” “Press CTRL + V,” and then “Enter.” These steps, if followed, would launch the Windows Run dialog, paste in malicious code that had been covertly copied to the user’s clipboard, and execute it.

According to a warning issued by the University of Michigan, the embedded code functioned as a PowerShell script, designed to download further malware. This could give attackers remote control over the infected system.

The malicious CAPTCHA was only live on iClicker.com for a limited window, from April 12 to April 16. Anyone who visited the site during that time and followed the instructions may have unintentionally compromised their computer.

iClicker’s parent company, Macmillan Learning, has since acknowledged the breach. In a security statement, the company explained that an unauthorized party tampered with the site’s landing page before the login screen, adding a fake CAPTCHA in an attempt to trick users—similar to phishing attacks seen in email scams.

Notably, the company’s online statement about the issue was set to avoid being indexed by search engines, as reported by BleepingComputer. This move has raised questions about the transparency of their response.

It’s still unclear exactly which type of malware was delivered, but anyone who might have fallen for the scam should scan their system with reputable antivirus tools immediately. It’s also wise to reset any passwords saved in browsers, since malware often targets login credentials and cookies.

This incident is a stark reminder to be cautious with CAPTCHA prompts that involve unusual keyboard commands. Similar fraudulent tactics have been seen targeting gamers and other internet users.

Newer Articles

Older Articles

Back to news headlines