Cybercriminals have been using sophisticated social engineering tactics to infect victims’ machines through clipboards, which are normally used for simple tasks like copying and pasting content.
The attacks typically begin on a website that promises visitors some attractive content, such as movies, music, or news articles. To verify users are not bots, the site asks them to press Ctrl + V after using a checkbox to copy text into the clipboard. However, this process is actually designed to infect users with malware.
Once the user follows the instructions, a malicious command is pasted into their clipboard, which triggers a Windows executable file called mshta.exe. The malicious file fetches data from a specified domain and runs an encoded Powershell command that downloads a payload, often stealing sensitive data.
To protect yourself from such attacks:
– Be cautious when provided with instructions by unknown websites.
– Use anti-malware solutions that block malicious websites and scripts.
– Utilize browser extensions that detect malicious domains and scams.
– Disable JavaScript in your browser before visiting unknown sites, but consider using separate browsers for different purposes due to potential website breaks.
Here’s how to disable JavaScript in popular browsers:
Chrome: Go to Settings > Privacy & security > Site settings > Content > JavaScript > Don’t allow sites to use JavaScript. Add specific sites by clicking on Block or Allow.
Firefox: Enter about:config and select Accept the Risk. Change javascript.enabled to false.
Opera: Launch Opera, click on settings, and choose Privacy & Security > Site Settings > JavaScript > Don’t allow sites to use JavaScript. Add specific sites in Not allowed to use JavaScript.
Edge: Go to Settings > Cookies and site permissions, then select JavaScript and toggle it off.
Remember, cybersecurity risks should never spread beyond a headline. Download Malwarebytes today to keep threats off your devices.
Source: https://www.malwarebytes.com/blog/news/2025/03/fake-captcha-websites-hijack-your-clipboard-to-install-information-stealers