- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Hackers Use Fake CAPTCHA Schemes to Steal Info on Devices
Cybercriminals exploit CAPTCHA verification to install malware and access sensitive data
Apr. 19, 2026 at 9:20pm
Got story updates? Submit your updates here. ›
Hackers leverage fake CAPTCHA pages to secretly install malware that steals sensitive user data from infected devices.Today in TampaHackers are using fake CAPTCHA pages to trick users into downloading malware that steals passwords, login information, cookies, and screenshots from their devices. The 'StealC' virus targets computers when users try to 'fix' a supposed CAPTCHA error by entering a specific key command, which actually opens a script to install the malicious program.
Why it matters
CAPTCHA verification is a common security measure used by many websites, so hackers exploiting this trusted system to distribute malware is a significant threat to online privacy and account security. This scam highlights the need for increased vigilance and stronger authentication methods to protect against information-stealing cyberattacks.
The details
The fake CAPTCHA pages claim there is an error and instruct users to hit a specific key combination, like Windows Key + R then Ctrl + V, to 'fix' the problem. However, this actually opens a command box and pastes a script that installs the StealC virus, which then searches the infected device for sensitive data to steal.
- The Identity Theft Resource Center first identified the StealC virus and fake CAPTCHA scam in April 2026.
The players
Identity Theft Resource Center
A nonprofit organization that provides assistance and resources to victims of identity theft and cybercrime.
What’s next
The Identity Theft Resource Center advises those who may have fallen victim to the fake CAPTCHA scam to immediately disconnect from the internet, change passwords on a clean device, scan for viruses, and monitor bank accounts for any suspicious activity.
The takeaway
This CAPTCHA-based malware scheme highlights the evolving tactics of cybercriminals and the need for users to be extremely cautious when encountering any unexpected CAPTCHA verification requests, as well as the importance of using strong authentication methods like passkeys and multi-factor authentication to protect against information theft.
Tampa top stories
Tampa events
Apr. 21, 2026
Maren Morris: The Dreamsicle Tour
Apr. 21, 2026
USF Choral Ensembles
Apr. 22, 2026
BOYS LIKE GIRLS - The Soundtrack Of Your Life Tour