{"id":3172,"date":"2025-04-28T13:50:05","date_gmt":"2025-04-28T20:50:05","guid":{"rendered":"https:\/\/blogs.ufv.ca\/itservices\/?p=3172"},"modified":"2025-04-28T13:50:05","modified_gmt":"2025-04-28T20:50:05","slug":"fake-captcha-pages-spreading-malware","status":"publish","type":"post","link":"https:\/\/blogs.ufv.ca\/itservices\/2025\/04\/fake-captcha-pages-spreading-malware\/","title":{"rendered":"Fake CAPTCHA pages spreading malware"},"content":{"rendered":"<p><strong>There is a sneaky new technique to get malware onto your system;<\/strong> attackers are now creating fake CAPTCHA pages to trick you into running commands that will compromise your device.<\/p>\n<p><span data-teams=\"true\">You&#8217;re probably familiar with CAPTCHA challenges. Websites use them to distinguish humans from bots, often with a &#8220;verify you are human&#8221; checkbox or a task like making you select all the bicycles in the squares. But recently, attackers have been creating fake CAPTCHA challenges that trick you into running malicious commands instead.<\/span><\/p>\n<p><span data-teams=\"true\">These fake CAPTCHA pages appear on ordinary websites that have been hacked, or illegitimate websites pushed through ads.<br \/>\n<\/span><\/p>\n<p><span data-teams=\"true\"><strong>Example of fake CAPTCHA steps:<\/strong><\/span><\/p>\n<ol>\n<li>Press Win + R\u00a0 <em>(this opens the Run dialog box);<\/em><\/li>\n<li>Press CTRL + V\u00a0 <em>(the website places text into the clipboard &#8211; invisible to you &#8211; and this step pastes the contents from the clipboard into the text field of the Run box);<\/em><\/li>\n<li><span data-teams=\"true\">Press Enter\u00a0 <em>(this executes the code you pasted into the Run box, and downloads the malware).<\/em><\/span><\/li>\n<\/ol>\n<p><span data-teams=\"true\"><strong>How to recognize a fake CAPTCHA:<\/strong><\/span><\/p>\n<ul>\n<li><span data-teams=\"true\"> Legitimate CAPTCHA will NEVER ask you to copy\/paste text or run commands on your system<\/span><\/li>\n<li><span data-teams=\"true\">Legitimate CAPTCHA will NEVER ask you to login, send payment, or ask for other sensitive informatio<\/span><\/li>\n<li><span data-teams=\"true\">As a general rule, do not execute any commands given by websites, especially those pretending to be fixes or CAPTCHAs.<\/span><\/li>\n<\/ul>\n<p><span data-teams=\"true\">If you think you encounter a fake CAPTCHA page, close your web browser. Do not interact with the website. Then, report the fake CAPTCHA to<em> cybersecurity@ufv.ca<\/em> or <a href=\"https:\/\/itservicedesk.ufv.ca\/TDClient\/52\/ITServicesPortal\/Requests\/ServiceDet?ID=451\">submit a ticket to the IT Service Desk<\/a>.<br \/>\n<\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is a sneaky new technique to get malware onto your system; attackers are now creating fake CAPTCHA pages to trick you into running commands that will compromise your device. You&#8217;re probably familiar with CAPTCHA challenges. Websites use them to distinguish humans from bots, often with a &#8220;verify you are human&#8221; checkbox or a task [&hellip;]<\/p>\n","protected":false},"author":254,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[186],"tags":[],"class_list":["post-3172","post","type-post","status-publish","format-standard","hentry","category-cybersecurity"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6AzwP-Pa","_links":{"self":[{"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/posts\/3172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/users\/254"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/comments?post=3172"}],"version-history":[{"count":11,"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/posts\/3172\/revisions"}],"predecessor-version":[{"id":3184,"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/posts\/3172\/revisions\/3184"}],"wp:attachment":[{"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/media?parent=3172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/categories?post=3172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ufv.ca\/itservices\/wp-json\/wp\/v2\/tags?post=3172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}