Fake CAPTCHA Attack: How Hackers Use Trusted Websites to Steal Passwords

Security researchers at Rapid7 have identified a sophisticated scam involving fake CAPTCHA screens on over 250 trusted websites, including local news pages and a US Senate candidate's official site. Hackers exploit user trust by creating CAPTCHA imitations that resemble Cloudflare verification pages, prompting users to execute malicious PowerShell commands that can steal passwords and cryptocurrency wallets. This scam, which began in December 2025, is particularly insidious as the malware runs directly in the computer's memory, making it difficult to detect with standard scanning tools, and is available in 31 languages. The attack underscores the importance of robust security practices, such as using multi-factor authentication and AI-driven visual testing, to detect unauthorized changes and protect against threats that exploit user habits and trusted platforms.