There’s a worrying new alert for Windows 10 and Windows 11 users and it’s definitely not a warning PC users should ignore. The latest caution to affect those using these hugely popular operating systems comes from the security team at McAfee who say they have spotted a new type of attack that uses the trusted CAPTCHA pop-up alerts to infect devices.
Most laptop users will be well aware of the CAPTCHA windows that appear now and again in a bid to confirm that users are real people and not system-attacking robots. These “Are you human” alerts aren’t anything new and most of us are fully accustomed to clicking the “I’m not a robot” box to continue browsing.
However, it appears cyber crooks are now using this platform as a way of infecting unsuspecting Windows users with data-stealing malware.
According to McAfee Labs, the attack starts with a fake CAPTCHA window that appears during browsing sessions. It looks pretty harmless but it packs a nasty and very vicious surprise.
Once the pop-up opens, a message appears with the usual “I’m not a robot” button. However, once this is clicked a malicious PowerShell script is copied to the clipboard which users are then prompted to execute by following some simple pasting instructions on the screen.
Along with this attack taking place via fake websites, McAfee also says attackers are sending out emails as well with links to websites where the same installation process takes place.
“By leveraging fake CAPTCHA pages, attackers deceive users into executing malicious scripts that bypass detection, ultimately leading to malware installation,” McAfee explained.
“The use of multi-layered encryption further complicates detection and analysis, making these attacks more sophisticated and harder to prevent.”
If you are worried about this new type of attack, then it’s wise to avoid unofficial websites or internet pages that offer free streams or cheap game downloads.
Always verify URLs in emails, especially from unknown or unexpected sources and restrict clipboard-based scripts and disable automatic script execution.
Finally, it’s a good idea to keep antivirus solutions updated and actively scanning for threats.