Cybercriminals are using fake CAPTCHA interfaces that mimic Cloudflare Turnstile to trick users into executing malicious PowerShell commands. The attack exploits 'verification fatigue' by presenting legitimate-looking security checks that guide users through key combinations (Win+R, Ctrl+V, Enter) to unknowingly run malware. This ClickFix technique delivers information stealers like Lumma and Stealc, as well as remote access trojans, without requiring file downloads. The campaign succeeds by leveraging trusted branding and users' conditioned response to quickly bypass security prompts.
Sort: