- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Hackers Use Fake CAPTCHA Schemes to Steal Info on Devices
Cybercriminals trick users into downloading malware by exploiting CAPTCHA verification processes
Apr. 17, 2026 at 11:20pm
Got story updates? Submit your updates here. ›
A glowing, cyberpunk-inspired CAPTCHA box symbolizes the growing threat of hackers exploiting common security measures to distribute malware.Today in TampaHackers are using fake CAPTCHA pages to trick users into downloading a virus called StealC onto their devices. The virus steals passwords, login information, cookies, and screenshots of user activity. Victims are tricked into opening a command box and pasting a script that installs the malware, which can go undetected until accounts are compromised.
Why it matters
CAPTCHA verification is a common security measure used by websites, but hackers have found a way to exploit this process to infect devices with malware. As more daily activities move online, protecting against these types of social engineering attacks is crucial to safeguarding personal and financial information.
The details
The fake CAPTCHA pages claim there is an error and ask users to hit a specific key combination, like Windows Key + R then Ctrl + V, to fix the problem. In reality, this opens a command box and pastes a script that installs the StealC virus, which can steal passwords, login info, cookies, and screenshots from the infected device.
- The Identity Theft Resource Center first identified the StealC virus in April 2026.
The players
Identity Theft Resource Center
A nonprofit organization that provides assistance to victims of identity theft and cybercrime.
What’s next
The Identity Theft Resource Center recommends that anyone who may have fallen victim to the fake CAPTCHA scheme should immediately disconnect their device from the internet, change all passwords on a clean device, scan for viruses, and monitor their accounts for any suspicious activity.
The takeaway
This case highlights the evolving tactics of cybercriminals who are exploiting common security measures like CAPTCHA to steal sensitive information. Staying vigilant and using multi-factor authentication can help protect against these types of social engineering attacks that target unsuspecting users.
Tampa top stories
Tampa events
Apr. 17, 2026
Breakaway Tampa 2026
Apr. 17, 2026
The Lightning Thief
Apr. 18, 2026
The Lightning Thief