HP Wolf Security Says Hackers Are Exploiting CAPTCHA To Spread Malware

A few weeks ago, we reported a study alleging that CAPTCHA does not deter bots and that Google merely uses it to collect and sell data. This week, HP Wolf Security researchers have launched a new complaint against CAPTCHA in the latest edition of the HP Threat Insights Report. This time, however, the complaint has nothing to do with Google; instead, it’s about threat actors who infect victims’ devices with malware by tricking them into engaging in fake CAPTCHA challenges.

The March 2025 edition of the HP Threat Insights Report identified a number of hacking campaigns taking this approach, including “CAPTCHA Me If You Can,” Python script attacks, and end-user webcam and microphone attacks.

In the CAPTCHA Me If You Can attack, victims are tricked with fake CAPTCHAs. After the user clicks the challenge, the page makes it appear as though it isn’t convinced that the user is human. The user is then referred to a malicious website to complete more difficult human verification tasks. These tasks are the trap: cybercriminals have designed them to manipulate victims into executing a malicious PowerShell script, which victims will most likely run without realizing it. The result? A Lumma Stealer remote access trojan (RAT) is installed, allowing hackers to steal personal information, credentials, banking details, and other vital information.

HP also revealed that cybercriminals are launching a series of end-user webcam and microphone surveillance attacks, and many users are falling victim. After users are tricked into compromising their devices, attackers can record video and take pictures through victims’ webcams and microphones. It was also reported that during these attacks, malicious actors use phishing or other social engineering tricks to lure victims into enabling macros in Word and Excel documents. This eventually helps attackers gain unauthorized privileges on users’ devices.

The report also exposed how malicious actors compromise devices with malicious PDFs and Python script attacks. To do this, bad actors embed malicious JavaScript code in SVG vector image files. The HP Threat Insights Report published more details about how these attacks are carried out and how to avoid them.

The use of the CAPTCHA test might be linked to its familiarity among internet users. It is easier for hackers to get people to click a CAPTCHA than a conspicuous phishing link. No wonder HP Wolf Security has reported that these attacks are on the rise, and we all need to be alert to avoid falling victim. The report revealed that the most common cyber attacks in last year’s final quarter were associated with fake CAPTCHAs.

Global Head of Security at HP, Dr Ian Pratt, recommended that users and individuals shrink “their attack surface by isolating risky actions – such as clicking on things that could harm them. That way, they don’t need to predict the next attack; they’re already protected.”

This report reinforces the fact that bad actors will stop at nothing to carry out their illicit motives. However, with extra caution, users can stay in control and avoid attackers’ ever-evolving traps.