Tech Alert: Malicious reCAPTCHA Clone Asks You to Press Win+R and Ctrl+V Then Hijacks Your System!

Udaipur, Nov 30, 2025: Cybersecurity researchers are warning users that even the internet’s most familiar safety checks “Prove you’re not a robot” prompts—are being weaponized by scammers. The latest threat centers on ClickFix, a platform originally designed to help communities report issues related to public services and infrastructure. But a malicious variant of the platform is now being used to target Windows users with a fake human-verification workflow that installs malware instead of confirming legitimacy.

According to Huntress, the cybersecurity firm investigating the campaign, attackers are tricking victims into following a seemingly routine identity check. The page instructs users to press Windows Key + R, open the Run dialog, and then press Ctrl + V to paste a command that the page claims was automatically copied to their clipboard.

But the command is anything but harmless.

Once executed, it silently downloads and installs LummaC2 and Rhadamanthys, two notorious malware families designed to steal highly sensitive data. These infostealers can extract passwords, authentication tokens, browser cookies, and even business credentials posing a serious threat to both personal and enterprise security.

Huntress has been monitoring this rogue ClickFix campaign since early October, but the scale of impact remains unclear. Researchers say the attack method is particularly concerning because it blends social engineering with familiar OS shortcuts, giving victims a false sense of legitimacy.

In a further development, TraceX Labs has also raised concerns about this emerging tactic, warning that criminals are increasingly disguising malware behind common verification steps that users rarely question. The firm notes that this trend could lead to a surge in similar attacks across public-service portals and community-reporting platforms if not addressed swiftly.