HP’s Threat Insights Report has identified an increase in malicious CAPTCHA campaigns in which users are tricked into installing the Lumma Stealer RAT (remote access trojan). The attacks exploit users’ ‘click tolerance’, manipulating them into completing falsified authentication challenges. HP recommended that organisations reduce their attack surface by isolating risky actions. The report also revealed that 11% of email threats bypassed gateway scanners, with executables being the most used malware delivery type.

Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware
Cybercriminals are tricking users into executing malicious PowerShell commands and malware using fake CAPTCHA challenges, as highlighted in HP Wolf Security’s March 2025 report. The