Fake CAPTCHA websites hijack your clipboard to install information stealers


There are more and more sites that use a clipboard hijacker and instruct victims on how to infect their own machine. I realize that may sound like something trivial to steer clear from, but apparently it’s not because the social engineering behind it is pretty sophisticated.

At first, these attacks were more targeted at people that could provide cybercriminals a foothold at a targeted company, but their popularity has grown so much that now anyone can run into one of them. It usually starts on a website that promises visitors some kind of popular content: Movies, music, pictures, news articles, you name it. Nobody will think twice when they are asked to prove they are not a robot.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter


Related:

  • Ghostcommit attack hides malicious AI instructions in images

    July 13, 2026

    Ghostcommit is a proof of concept that shows how AI assistants used to review software code can be tricked by hidden instructions embedded in images. The academic ASSET Research Group showed that an attacker can place instructions inside an image file, point to it in an AGENTS.md file, and get an AI coding agent to follow those instructions during a ...

  • EU-UK sanctions target Russia over Europe-wide ‘vast cyber campaign’

    July 13, 2026

    The European Union and the UK have announced coordinated sanctions against Russia after accusing Moscow’s FSB intelligence agency of carrying out a cyber attack in December targeting Poland’s energy grid and orchestrating a wider campaign of digital sabotage across Europe. The joint measures focus on individuals and organisations linked to Russia’s security services, with the EU ...

  • Trump administration subpoenas New York Times journalists over new Air Force One reporting

    July 11, 2026

    The Trump administration has issued subpoenas to several New York Times journalists after the newspaper reported on security concerns with the president’s new plane. The Times said its journalists were subpoenaed on Friday by the US justice department to testify before a federal grand jury in Manhattan five days later, marking the latest effort by the Trump White ...

  • Ukrainians are using VPNs to cause havoc in Russia by changing fuel station statuses on maps in a bid to cause chaos and confusion

    July 11, 2026

    A coordinated online campaign has reportedly encouraged users to alter fuel station information on digital maps across Russia, creating confusion among drivers. The activity involves changing station statuses by marking locations with available fuel as empty or showing closed stations as operational. Supporters of the campaign claim the effort is designed to disrupt travel decisions, increase uncertainty, ...

  • Supermarket chain Lidl warns customers after data leak

    July 10, 2026

    Unknown individuals managed to gain access to customer data held by the supermarket chain Lidl. The German company informed affected customers of this via email this week. Thus far, the supermarket chain has declined to say how many customers were affected. However, the discount retailer did state that it has notified the Dutch Data Protection Authority. Read ...

  • No Manners Here: The Ruthless Rise of The Gentlemen Ransomware

    July 10, 2026

    The Gentlemen (aka Storm-2697) is a Ransomware-as-a-Service (RaaS) program active since at least July 2025. Public reporting indicates that the operators were likely active months earlier as an affiliate (known as ArmCorp) of Qilin RaaS, which Unit 42 tracks as Spikey Scorpius. Their ransomware variants are written in both C and Go programming languages, enabling ...