Hackers Use Fake CAPTCHA Schemes to Steal Info on Devices

Got story updates? Submit your updates here. ›

Hackers are using fake CAPTCHA pages to trick users into downloading malware that steals passwords, login info, cookies, and screenshots from their devices. The 'StealC' virus is activated when users follow instructions to open a command box and paste a script, believing they are fixing a CAPTCHA error. Experts warn users to be wary of any CAPTCHA pages that ask them to perform unusual actions, and recommend using passkeys and multi-factor authentication to stay safe.

Why it matters

CAPTCHA verification is a common security measure used across the internet, so these fake CAPTCHA schemes have the potential to impact a wide range of users. The StealC virus can give hackers access to sensitive personal and financial information, putting victims at risk of identity theft and fraud.

The details

According to the Identity Theft Resource Center, a normal CAPTCHA typically just asks users to click a button and perform a photo match or fill in a text box. However, the fake CAPTCHA pages instruct users to hit a specific set of keys, like Windows Key + R, then Ctrl +V, in order to 'fix' an alleged error. In reality, this opens a command box and pastes a script that downloads the StealC malware onto the user's device.

• The Identity Theft Resource Center reported on this new CAPTCHA-based hacking scheme in April 2026.

What’s next

The Identity Theft Resource Center recommends that anyone who may have fallen victim to this CAPTCHA scam should immediately disconnect their device from the internet, change all passwords on a clean device, and scan their system for viruses. The ITRC also provides assistance to affected individuals.