Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a verification method used to distinguish humans from machines, preventing automated activities such as spam or Distributed Denial-of-Service (DDoS) attacks on websites. Recently, cybercriminals have increasingly faked Captcha systems to trick users and steal personal information, banking and credit card accounts, and passwords, or even to gain full control of victims’ devices, turning them into nodes in a botnet for DDoS attacks or installing ransomware to encrypt data and demand payment.
To lure victims, attackers create fake websites offering pirated movies or cracked software downloads, or send phishing emails with links that redirect users to “Captcha verification” pages. In reality, these Captchas are traps to install viruses and malware.
Bkav experts warn: If a Captcha box appears on an unfamiliar site asking you to download files, enable notifications, scan QR codes, or copy-paste commands, it is highly likely to be a scam trap. Always verify the URL (type the official address manually if necessary), never click “allow” on suspicious websites, do not copy-paste commands into a terminal, and avoid downloading apps from unverified links.
Users should enable two-factor authentication, keep their operating systems up to date, and install professional antivirus software. If infection is suspected, immediately disconnect from the Internet, change all passwords from a safe device, and perform a full system scan. Note that built-in antivirus solutions bundled with operating systems only provide basic protection and are not sufficient against modern ransomware and advanced malware designed to persist and deeply embed within systems.
Bkav