CAPTCHA Info Stealer

There are more and more sites that use a clipboard hijacker and instruct victims on how to infect their own machine.

I realize that may sound like something trivial to steer clear from, but apparently, it’s not because the social engineering behind it is pretty sophisticated.

At first, these attacks were more targeted at people that could provide cybercriminals a foothold at a targeted company, but their popularity has grown so much that now anyone can run into one of them.

It usually starts on a website that promises visitors some kind of popular content: Movies, music, pictures, news articles, you name it.

Nobody will think twice when they are asked to prove they are not a robot.

But the next step in this method isn’t what you would normally see. If you use the checkbox, you’ll be forwarded to something that looks like this:

“To better prove you are not a robot, please:

1. Press & hold the Windows Key + R.

2. In the verification windows, press Ctrl + V.

3. Press Enter on your keyboard to finish.

   
   

While these instructions may seem harmless enough, you will actually be infecting yourself with malware—most likely an information stealer. In the background, the website you visited copied a command to your clipboard. In Chromium based browsers (which are almost all the popular ones) a website can only write to your clipboard with your permission. But Windows was under the assumption that you agreed to that when you checked the checkbox in the first screen.

You were tricked into pasting their malicious code directly into your system.

How do you stay safe? Think it through, are you on a site that you visit often and trust? If you found your way to the site through a web search or clickable email link CLOSE THE TAB and do not proceed.

If you already ran the command...call your IT support desk immediately!