The hackers use fake CAPTCHA pages—which are designed to mimic standard security checks—to trick users into installing malicious software (“Stealthy StealC Information Stealer”) via keyboard commands.

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

Interactive, intuitive, and more user-friendly than classic text-based CAPTCHAs. Customizable UI and flexible configuration. No third-party services required. Everything are handled locally.