CAPTCHA

TrendTechie
November 26, 2025
Recent advancements in user verification technology have introduced innovative methods to confirm user identity, enhancing security and user experience. One notable implementation is a visually engaging CAPTCHA system that combines graphical elements and interactive features, prompting users to confirm their humanity through simple actions. This system may include captivating SVG graphics requiring user interaction, such as checking a box, accompanied by messages like "Please verify you are a human." Additionally, developers are exploring machine learning algorithms to analyze user behavior patterns for better differentiation between human users and bots, reducing false positives and improving security without hindering legitimate users.
Winsage
November 25, 2025
Cybersecurity experts have identified a new campaign that combines ClickFix tactics with counterfeit adult websites to trick users into executing harmful commands under the guise of a "critical" Windows security update. This campaign uses fake adult sites, including clones of popular platforms, as phishing mechanisms, increasing psychological pressure on victims. ClickFix-style attacks have risen significantly, accounting for 47% of all attacks, according to Microsoft data. The campaign features convincing fake Windows update screens that take over the user's screen and instruct them to execute commands that initiate malware infections. The attack begins when users are redirected to a fake adult site, where they encounter an "urgent security update." The counterfeit Windows Update screen is created using HTML and JavaScript, and it attempts to prevent users from escaping the alert. The initial command executed is an MSHTA payload that retrieves a PowerShell script from a remote server, which is designed to deliver multiple payloads, including various types of malware. The downloaded PowerShell script employs obfuscation techniques and seeks to elevate privileges, potentially allowing attackers to deploy remote access trojans (RATs) that connect to command-and-control servers. The campaign has been linked to other malware execution chains that also utilize ClickFix lures. Security researchers recommend enhancing defenses through employee training and disabling the Windows Run box to mitigate risks associated with these attacks.
Winsage
November 25, 2025
A new wave of ClickFix attacks has emerged, using fake Windows Update screens and PNG image steganography to deploy infostealing malware like LummaC2 and Rhadamanthys. The attacks trick users into executing a command by pressing Win+R and pasting a command copied to their clipboard. Attackers have shifted from using “Human Verification” lures to more convincing full-screen fake Windows Update screens. The fake update prompts users to run a command that initiates mshta.exe with a URL containing a hex-encoded IP address, leading to the download of obfuscated PowerShell and .NET loaders. A notable feature of the campaign is the use of a .NET steganographic loader that hides shellcode within the pixel data of a PNG image, which is decrypted and reconstructed in memory. The shellcode is Donut-packed and injected into processes like explorer.exe using standard Windows APIs. Huntress has been monitoring these ClickFix clusters since early October, noting the use of the IP address 141.98.80[.]175 and various paths for the initial mshta.exe stage, with subsequent PowerShell stages hosted on domains linked to the same infrastructure. Despite the disruption of Rhadamanthys’ infrastructure in mid-November, active domains continue to serve the ClickFix lure, although the Rhadamanthys payload appears to be unavailable. To mitigate the attack, disabling the Windows Run box through Group Policy or registry settings is recommended, along with monitoring for suspicious activity involving explorer.exe. User education is critical, emphasizing that legitimate processes will not require pasting commands into the Run prompt. Analysts can check the RunMRU registry key to investigate potential ClickFix abuse.
AppWizard
September 27, 2025
The Asus ROG Xbox Ally X is available for pre-order, with significant demand leading to limited stock at various retailers. Pre-orders started on September 25, with the ROG Xbox Ally priced at 9.99 and the ROG Xbox Ally X at 9.99. The official release is set for October 16. Retailers like Walmart and Best Buy are offering pre-orders, but stock shortages are reported, particularly in the UK where the Xbox Ally X is out of stock. Some retailers have implemented measures like sign-in requirements and CAPTCHA due to high consumer interest. The design features Xbox branding and a controller-style grip, making it appealing to gamers.
Winsage
September 2, 2025
Cybercriminals have developed a sophisticated variant of the ClickFix scam, utilizing human-verification social engineering and the Windows search protocol to deploy MetaStealer, an infostealer that steals credentials and sensitive data. The attack begins when a target searches for the legitimate AnyDesk tool and is redirected to a phishing page featuring a deceptive human-verification prompt. This page uses a search-ms URI scheme to connect to an attacker-controlled SMB share, presenting a malicious Windows shortcut disguised as a PDF. Executing this shortcut downloads the legitimate AnyDesk installer and retrieves a malicious "PDF" from an external server. The MSI package contains a dropper (ls26.exe) that operates similarly to known MetaStealer samples, scanning for browser credentials and exfiltrating data. The attack circumvents user suspicion by mimicking a legitimate application installation. Organizations are advised to implement strict application whitelisting, monitor Windows protocol handlers, educate users about suspicious prompts, and deploy detection rules to mitigate these threats.
Tech Optimizer
June 5, 2025
Researchers at DomainTools Investigations (DTI) have identified counterfeit websites mimicking platforms like DocuSign and Gitcode, designed to lure users into downloading malware, specifically a remote access trojan (RAT). These fraudulent sites use tactics such as fake CAPTCHA prompts to enhance credibility and prompt users to download malicious software disguised as necessary updates. The operation employs a multi-stage downloader PowerShell script, reminiscent of older scams that alarmed users with popups about virus infections. Users are advised to be cautious with unfamiliar websites and verify the authenticity of download prompts.
Winsage
May 25, 2025
Microsoft Windows is a target for cybercriminals, particularly regarding password theft. Trend Micro has reported an increase in fraudulent CAPTCHA attacks that trick users into executing malicious commands through the Windows Run dialog, leading to data theft and malware infections. These attacks utilize PowerShell and can deploy various malware types, including Lumma Stealer and AsyncRAT. Despite efforts to disrupt the Lumma Stealer network, threats persist, exploiting legitimate platforms. Microsoft recommends users adopt safer online practices and outlines seven mitigations for organizations: disable access to the Run dialog, apply least privilege, restrict access to unapproved tools, monitor unusual behavior, harden browser configurations, enable memory protection, and invest in user education.