AInvest Newsletter
Daily stocks & crypto headlines, free to your inbox
Cybercriminals are deploying a sophisticated new method to steal cryptocurrency wallet data through deceptive CAPTCHA prompts that mimic legitimate security checks [1]. The malware, known as Lumma Stealer, is being delivered via fake CAPTCHA overlays on trusted websites, including a Greek banking portal [1]. When users encounter the prompt, they are instructed to press Windows + R and paste a command—leading to the silent execution of the malware via PowerShell outside the browser [1].
This fileless malware, once activated, is designed to extract sensitive information from the victim's system, including browser-stored credentials, cryptocurrency wallet data, and even password-manager vaults [1]. Researchers from DNSFilter, which first identified the attack, emphasized that Lumma Stealer operates without leaving files on the disk, making it particularly hard to detect using traditional antivirus methods [1].
The attack sequence is part of a coordinated phishing campaign involving multiple domains such as human-verify-7u.pages.dev and recaptcha-manual.shop, both of which mimic real CAPTCHA services [1]. DNSFilter’s case study highlights the speed and precision of the campaign, which was accessed 23 times in three days within their network [1]. Alarmingly, 17% of users who saw the fake CAPTCHA prompt followed the instructions and triggered the malware payload, indicating the vulnerability of even educated users to such social engineering tactics [1].
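A defender-side triage sketch for the delivery chain described above, added here as an example (it is not code from the article or from DNSFilter). It flags DNS lookups for the two domains named in the report and PowerShell launched from the Run dialog, which Windows starts as a child of explorer.exe. The event field names, the command-line heuristics and all sample records are assumptions constructed for illustration.

```python
import re

# Campaign domains named in the article; matched as suffixes so subdomains count.
CAMPAIGN_DOMAINS = ("human-verify-7u.pages.dev", "recaptcha-manual.shop")

# Heuristic command-line tokens (assumption): hidden window, encoded command,
# or download-and-run cmdlets/aliases.
SUSPICIOUS = re.compile(
    r"-w(?:indowstyle)?\s+h(?:idden)?\b"
    r"|-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}"
    r"|\b(?:iwr|irm|iex|invoke-webrequest|invoke-expression|downloadstring)\b",
    re.IGNORECASE)

def is_campaign_domain(qname):
    """True for an exact match or a subdomain, never for a look-alike suffix."""
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in CAMPAIGN_DOMAINS)

def is_run_dialog_powershell(event):
    """Win+R launches are children of explorer.exe; require a suspicious flag too."""
    parent = event["parent"].lower().rsplit("\\", 1)[-1]
    image = event["image"].lower().rsplit("\\", 1)[-1]
    return (parent == "explorer.exe"
            and image in ("powershell.exe", "pwsh.exe")
            and bool(SUSPICIOUS.search(event["cmdline"])))

def triage(dns_queries, process_events):
    """Map each host to the signals seen: 'dns' (lure lookup), 'exec' (pasted command ran)."""
    hosts = {}
    for host, qname in dns_queries:
        if is_campaign_domain(qname):
            hosts.setdefault(host, set()).add("dns")
    for ev in process_events:
        if is_run_dialog_powershell(ev):
            hosts.setdefault(ev["host"], set()).add("exec")
    return {h: sorted(s) for h, s in hosts.items()}

# Constructed sample telemetry (not real logs).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DNS = [("ws-01", "human-verify-7u.pages.dev."), ("ws-02", "www.recaptcha-manual.shop"),
       ("ws-03", "notrecaptcha-manual.shop"), ("ws-03", "pages.dev")]
PROC = [
    {"host": "ws-01", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": "powershell -w hidden -enc " + "QUFB" * 6},
    {"host": "ws-02", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": "powershell.exe"},
    {"host": "ws-04", "parent": r"C:\Windows\System32\svchost.exe", "image": PS,
     "cmdline": "powershell -w hidden -enc " + "QUFB" * 6},
]

if __name__ == "__main__":
    print(triage(DNS, PROC))
```

A host showing both signals saw the lure and ran the pasted command; a host with only `dns` corresponds to a user who reached the fake CAPTCHA but did not follow its instructions.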
Cybercriminals are not only stealing data but also laundering stolen cryptocurrency with unprecedented speed. Recent reports indicate that hackers can move stolen assets through laundering networks in under three minutes, leaving victims with little to no chance of recovery [1]. Elliptic, a leading blockchain analytics firm, reported that automated laundering tools and decentralized exchanges (DEXs) are enabling faster money movement, complicating efforts to trace and intercept the stolen funds [1].
“Speed is now the hackers’ greatest weapon,” Elliptic noted in a recent analysis, emphasizing the challenges of real-time intervention [1]. Cybersecurity experts warn that these scams are not limited to corporate targets but can affect any individual user who encounters a seemingly legitimate CAPTCHA prompt [1].
Ken Carnesi, CEO and co-founder of DNSFilter, reiterated the importance of basic cybersecurity practices, such as using unique passwords and verifying the legitimacy of login prompts before responding [1]. Cameron G. Shilling, a cybersecurity expert, added that prompt action—within 24 to 72 hours—can increase the chances of recovering at least a portion of the stolen funds [1].
The incident underscores the growing sophistication of cybercriminal tactics in the cryptocurrency space. By combining phishing, malware, and rapid laundering, attackers are creating a multi-layered threat that is difficult to counter in real time [1]. As the industry expands, so too does the need for robust security measures that go beyond standard antivirus software [1].

[1] Source: Hackers Unleash Devious Malware That Steals Crypto Wallet Data Via Fake Captcha: Report (https://cryptonews.com/news/hackers-unleash-devious-malware-that-steals-crypto-wallet-data-via-fake-captchas-report/)
