Updated
Updated · Fox News · May 24
Identity Theft Resource Center Warns Fake CAPTCHA Scam Installs StealC via 3-Key Command
Updated
Updated · Fox News · May 24

Identity Theft Resource Center Warns Fake CAPTCHA Scam Installs StealC via 3-Key Command

4 articles · Updated · Fox News · May 24
  • A growing fake CAPTCHA scam is tricking users into launching StealC malware by following on-screen prompts to press Windows+R, paste a command and hit Enter.
  • The attack works by copying a malicious script to the victim's clipboard, then using the Run window to execute it without a download button or obvious warning.
  • StealC can quietly harvest saved passwords, browser sessions, autofill data and cryptocurrency wallet details, leaving victims unaware until accounts are accessed.
  • The center said a legitimate CAPTCHA will never ask users to open a command window, use keyboard shortcuts or paste commands; if that happens, close the page immediately.
  • If the commands were run, users should disconnect from the internet, scan the device, change passwords from another device and enable 2FA to limit damage.
If new malware can bypass your multi-factor authentication, what truly keeps your accounts secure?
As AI crafts flawless scam sites, is human vigilance still enough to protect us online?

Related Stories

Fox NewsMay 24
infostealers.comMay 24
PCMagMay 24
InstagramMay 24