Do not complete the captcha test: New Windows password theft warning

With Piratement attacks of password Firmly in the actor’s threat actor, and those cybercriminals always come up Increasingly cunning attack methods To help them, this last warning of security experts must be taken very seriously by Windows users. These captcha tests to show that you are human and not a bot are not only annoying as devils, but that they can be dangerous. Here is why you should not complete this captcha test in particular if it is presented.

Forbes70 -year -old women’s parks car: becomes a player while hackers attackBy Davey wind

What you need to know about these dangerous captcha tests

The use of Captcha tests (represents a completely automated Turing Turing Turing Turing Turing to distinguish computers and humans, in case it has been asked) of the threat actors is not new; On October 26, 2024, I reported how a group of Russian piracy was pointing to Ukrainian victims using a malicious version of Google Recachaha “I’m not a robberyDialogue T ”.

At that time, I said that technology such as the Automatic Verification System based on the Apple server to avoid completing captcha tests manually for iOS users, along with a propensity to use browser extensions that also help defeat things It meant that you can see less day to day. The problem is that they are not the same, and when they face a captcha, we are probably more inclined to complete it as quickly as possible and go where we were trying to obtain. Especially when it is considered that the mechanism against the button itself, in part now because it is not seen so frequently, has been hooded even more confidence than when we face them every five minutes.

ForbesPresentation of Ghostgpt: The new AI of the cyber crime used by the computer piratesBy Davey wind

The last captcha test attack warning

The last warning comes from Leandro Fróes, a senior research engineer with the Netskope Laboratory threatsand confirms a new threat campaign that is delivering the Lumma Stealer malware capable of obtaining its passwords and other confidential data. “The campaign is global,” said Fróes, pointing to victims in “Argentina, Colombia, the United States, the Philippines and other countries in the world.” Nor does he care that the industrial sector is attacked, with everything, from medical care, banking, marketing and telecommunications industry in the sights so far.

The key findings of the Netskope Amenic Labs report were:

• The new Lumma Stealer campaign uses false captchas on multiple new websites, using evil and multiple evasion techniques to lead Windows users worldwide.
• The infection chain itself, initiated by fake captcha instructions, requires that the victim run a command from its clipboard using the Windows Run command. This makes it very difficult for browser -based defenses.

ForbesHow to get windows 11 free before the ending of Windows 10 endsBy Davey wind

Mitigate the threat of malware of Windows Captcha

In the current campaign, the false captcha instructs the user to open the Windows execution window by pressing Windows+R, hitting the content of the clipboard in the run window using Ctrl+V, and then pressing Enter to run it. “This specific sequence is essential for the successful execution of the next stage,” said Fróes, “and only works in Windows environments.” What leads me to the most apparent mitigation: ask when you have been asked to do something like this before completing a captcha? Seriously, don’t be that reliable. Not all threats require sophisticated IA -driven attack methodsMost still use tricks to infect you. Take your time, think about what you are asked to do and make a sensible decision.