Verification CAPTCHA Spreads Malware to Windows Users
January 27, 2025
That familiar CAPTCHA challenge we’re asked to do proving we’re not robots is getting some Windows users in trouble. Hackers are using their own bogus CAPTCHA pages to sneak malware onto Windows devices. It looks like this is one-time that Windows users may pay the price for not being a robot. The good news is, there’s a way to tell when you’re being targeted.
Whether we’re clicking a box, choosing frames where an item is showing, or typing-in random letters, most of us are used to CAPTCHA as security steps proving we’re human. And now, this is the vehicle hackers are focusing on to deliver Lumma Stealer, an info-stealing malware. This successful campaign has been spotted in various places across the globe and it’s growing fast.
What Lumma Stealer Steals
Like a lot of info-stealers, Lumma goes after device and system data including your personally identifiable information (PII). Aside from stealing documents, pics and videos from compromised devices, Lumma also steals PII like usernames and passwords, and payment card and banking details. In short, Lumma Stealer steals what’s needed to hijack your privacy, money, and your identity.
CAPTCHA Crime Clues
There are clues when CAPTCHA verification pages aren’t what they claim to be. Users are unknowingly sent to a fake CAPTCHA page taking just one click to start a chain reaction releasing Lumma Stealer. Then, the usual one or two “prove you’re a human” requirements are replaced with a number of seemingly never-ending verification hoops to jump through. That’s the point where this CAPTCHA crime is on a roll installing Lumma through your system.
So, when your Windows CAPTCHA starts adding an unusual amount of verification steps, it’s time to stop following them. You already know you’re human and proving it with CAPTCHA should never take more than one or two Windows commands.
SUBSCRIBE TO WEEKLY NEWSLETTER
