A new scam is bypassing traditional security warnings by weaponizing a process millions trust: the CAPTCHA check.
The Identity Theft Resource Center has issued a warning about a scheme where a fake verification prompt instructs users to press Windows + R, then Ctrl + V, and Enter. These steps open the Run dialog and execute a malicious script already copied to the clipboard.
Security researchers report the scam commonly delivers StealC malware. This program operates silently, harvesting saved passwords, browser sessions, autofill data, and cryptocurrency wallet details.
Legitimate CAPTCHAs will never ask you to open a command window or paste commands. If you see such instructions, close the page immediately.
Steps to stay safe:
- Never follow keyboard instructions from a website.
- Close the page immediately without interacting further.
- Use robust antivirus software.
- Consider a data removal service to limit exposure.
- Keep your system updated.
- Change passwords from a separate device if you suspect exposure.
- Monitor accounts for unusual activity.
If you ran the commands:
- Disconnect from the internet.
- Run a full antivirus scan.
- Change passwords from another device.
- Enable two-factor authentication.
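
Commands launched from the Run dialog are recorded in the current user's RunMRU registry key, so after the steps above that history shows what was pasted. The Python check below is an added example, not part of the original advisory; the indicator patterns, the two-match threshold and the sample entries are assumptions constructed for illustration.

```python
import re
import sys

# Per-user key where Windows records commands launched from the Win+R dialog.
RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
# Heuristics chosen for this example (assumptions, not a vendor rule set).
INDICATORS = {
    "script interpreter": re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript|cmd)(\.exe)?\b", re.I),
    "remote URL": re.compile(r"https?://", re.I),
    "hidden or encoded switch": re.compile(r"(?<!\S)[-/](enc\w*|e|w|windowstyle)\b", re.I),
    "download or eval verb": re.compile(r"\b(iex|invoke-expression|iwr|invoke-webrequest|curl|certutil|bitsadmin)\b", re.I),
}

def read_runmru():
    """Return {value_name: data} from the live registry (Windows only)."""
    import winreg  # imported lazily so the analysis also runs off-Windows
    entries = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, _ = winreg.EnumValue(key, i)
                entries[name] = data
    except FileNotFoundError:
        pass  # key is absent when the Run dialog has never been used
    return entries

def flag_run_history(entries, threshold=2):
    """Return [(command, [reasons])], newest first, for entries hitting >= threshold indicators."""
    order = entries.get("MRUList", "")  # e.g. "cdab": most recent value name first
    names = list(order) + sorted(n for n in entries if n != "MRUList" and n not in order)
    findings = []
    for name in names:
        command = str(entries.get(name, ""))
        if command.endswith("\\1"):  # Windows appends a literal "\1" to each entry
            command = command[:-2]
        reasons = [label for label, rx in INDICATORS.items() if rx.search(command)]
        if len(reasons) >= threshold:
            findings.append((command, reasons))
    return findings

# Constructed sample history: three ordinary entries and one pasted one-liner.
SAMPLE = {
    "MRUList": "cdab",
    "a": "cmd\\1",
    "b": "notepad\\1",
    "c": "powershell -w hidden -enc PLACEHOLDER\\1",
    "d": "https://example.com\\1",
}

if __name__ == "__main__":
    history = read_runmru() if sys.platform == "win32" else SAMPLE
    for command, reasons in flag_run_history(history):
        print(f"REVIEW: {command}\n  matched: {', '.join(reasons)}")
```

An empty result does not clear the machine, since the history can be deleted or overwritten; treat a hit as confirmation that a pasted command ran.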

Scammers are blending into everyday online habits. Trust your instincts: if a CAPTCHA asks you to press keys, it's a trap.