Buy CryptoMarketsSpotFuturesGOLDEarnEvent Center
More
USD1 Genesis
The post Fake CAPTCHAs, crypto disappeared in 3 minutes with the PowerShell trick appeared on BitcoinEthereumNews.com. A wave of fake CAPTCHA is leading users to execute PowerShell on Windows, triggering the crypto thief Lumma Stealer. According to an analysis by DNSFilter, 23 interactions in 72 hours were recorded, with 17% of visitors following the instructions displayed on the screen (DNSFilter). Immediate result: crypto wallets emptied and funds laundered in less than 3 minutes. According to the data collected by the incident response teams that analyzed the blocked pages between August 14 and 17, 2025, the operational window to prevent the first transfer of funds is often less than 180 seconds. Industry analysts also note that campaigns with persuasive overlays record conversion rates between 12% and 20%, consistent with the 17% detected by DNSFilter. Key data: 17% of “conversion” upon command execution. Tactic: verification overlay that simulates an anti-bot check and guides the execution of PowerShell. Impact: theft of credentials, cookies, 2FA, and wallet crypto with almost instant monetization. An example of false CAPTCHA that prompts a “manual” verification: a warning sign not to be overlooked. How the deception works: from the fake “I am not a robot” to in-memory malware The false CAPTCHAs mimic the classic “I’m not a robot,” but instead of validating access, they prompt the user to press Windows+R and paste a command. This initiates a PowerShell execution that downloads and loads into memory a DLL linked to Lumma Stealer, often using a fileless technique to evade traditional antivirus software.  Malware can disable or bypass runtime controls like AMSI (Antimalware Scan Interface) to hide payloads loaded in memory. An interesting aspect is the speed of collection: once active, the malware extracts saved passwords, cookies, session tokens, 2FA codes, and cryptocurrency wallet data. The case observed by DNSFilter: overlay on legitimate sites The alert was triggered when a managed provider detected a verification overlay… The post Fake CAPTCHAs, crypto disappeared in 3 minutes with the PowerShell trick appeared on BitcoinEthereumNews.com. A wave of fake CAPTCHA is leading users to execute PowerShell on Windows, triggering the crypto thief Lumma Stealer. According to an analysis by DNSFilter, 23 interactions in 72 hours were recorded, with 17% of visitors following the instructions displayed on the screen (DNSFilter). Immediate result: crypto wallets emptied and funds laundered in less than 3 minutes. According to the data collected by the incident response teams that analyzed the blocked pages between August 14 and 17, 2025, the operational window to prevent the first transfer of funds is often less than 180 seconds. Industry analysts also note that campaigns with persuasive overlays record conversion rates between 12% and 20%, consistent with the 17% detected by DNSFilter. Key data: 17% of “conversion” upon command execution. Tactic: verification overlay that simulates an anti-bot check and guides the execution of PowerShell. Impact: theft of credentials, cookies, 2FA, and wallet crypto with almost instant monetization. An example of false CAPTCHA that prompts a “manual” verification: a warning sign not to be overlooked. How the deception works: from the fake “I am not a robot” to in-memory malware The false CAPTCHAs mimic the classic “I’m not a robot,” but instead of validating access, they prompt the user to press Windows+R and paste a command. This initiates a PowerShell execution that downloads and loads into memory a DLL linked to Lumma Stealer, often using a fileless technique to evade traditional antivirus software.  Malware can disable or bypass runtime controls like AMSI (Antimalware Scan Interface) to hide payloads loaded in memory. An interesting aspect is the speed of collection: once active, the malware extracts saved passwords, cookies, session tokens, 2FA codes, and cryptocurrency wallet data. The case observed by DNSFilter: overlay on legitimate sites The alert was triggered when a managed provider detected a verification overlay…

Fake CAPTCHAs, crypto disappeared in 3 minutes with the PowerShell trick

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/08/19 22:06
5 min read
Prompt
PROMPT$0.03114-2.16%
MemeCore
M$2.67668+2.02%
Sign
SIGN$0.03225+2.34%
LIKE
LIKE$0.001063-0.65%
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

A wave of fake CAPTCHA is leading users to execute PowerShell on Windows, triggering the crypto thief Lumma Stealer. According to an analysis by DNSFilter, 23 interactions in 72 hours were recorded, with 17% of visitors following the instructions displayed on the screen (DNSFilter). Immediate result: crypto wallets emptied and funds laundered in less than 3 minutes.

According to the data collected by the incident response teams that analyzed the blocked pages between August 14 and 17, 2025, the operational window to prevent the first transfer of funds is often less than 180 seconds. Industry analysts also note that campaigns with persuasive overlays record conversion rates between 12% and 20%, consistent with the 17% detected by DNSFilter.

  • Key 17% of “conversion” upon command execution.
  • Tactic: verification overlay that simulates an anti-bot check and guides the execution of PowerShell.
  • Impact: theft of credentials, cookies, 2FA, and wallet crypto with almost instant monetization.

An example of false CAPTCHA that prompts a “manual” verification: a warning sign not to be overlooked.

How the deception works: from the fake “I am not a robot” to in-memory malware

The false CAPTCHAs mimic the classic “I’m not a robot,” but instead of validating access, they prompt the user to press Windows+R and paste a command. This initiates a PowerShell execution that downloads and loads into memory a DLL linked to Lumma Stealer, often using a fileless technique to evade traditional antivirus software. 

Malware can disable or bypass runtime controls like AMSI (Antimalware Scan Interface) to hide payloads loaded in memory. An interesting aspect is the speed of collection: once active, the malware extracts saved passwords, cookies, session tokens, 2FA codes, and cryptocurrency wallet data.

The case observed by DNSFilter: overlay on legitimate sites

The alert was triggered when a managed provider detected a verification overlay on a European banking site: it displayed a fake DNS error and required a “manual verification.” The user was then guided to execute PowerShell, initiating the download and execution of the Lumma payload. In three days, 23 similar pages were blocked; it should be noted that almost 1 in 6 users followed the proposed steps.

Timeline of a theft in 3 minutes

  1. Entry: the user visits a legitimate site or a cloned page; a false CAPTCHA with DNS error appears.
  2. Social engineering: the page invites to “validate” access with Windows+R and a precompiled command.
  3. Execution: PowerShell disables controls like AMSI, loads a Lumma Stealer DLL, and remains in memory (fileless).
  4. Exfiltration: the malware collects browser credentials, cookies, 2FA, seed, and wallet data from crypto.
  5. Monetization: the keys are used to transfer funds on DEX and mixers; laundering occurs in minutes.

Spread, variants, and related domains

The campaign has been detected repeatedly in a narrow range, with pages changing domain and graphics to evade blocks. Not all variants are fileless: some offer an executable download disguised as a “verifier.” In this context, among the domains observed in similar campaigns are human-verify-7u.pages.dev and recaptcha-manual.shop.

Why the recovery of crypto is so difficult

The speed is the main weapon of the attack. Once stolen, the funds are moved to DEX and automation tools that fragment the transactions. For this reason, the on-chain analysis teams report that laundering can occur in a few minutes, making recovery extremely complex.

Technical indicators (for SOC/IT)

  • Observed Domains/URLs: human-verify-7u.pages.dev, recaptcha-manual.shop, variants on “human-verify” and “recaptcha-manual” subdomains.
  • Tactics, Techniques, Procedures (TTP): social engineering via overlay; execution of PowerShell with AMSI deactivation; DLL loading in memory (fileless); credential collection from browser and wallet.
  • Endpoint anomaly signals: powershell.exe process launched by explorer.exe/win+r; immediate network activity post-execution; access to browser profile directories.
  • Page pattern: fake DNS error + request for “manual verification” with Windows+R combination and “copy/paste”.

Legal notice: share IOCs responsibly; avoid spreading executable commands or payloads.

Quick Guide: Immediate Defense

  1. Do not paste commands suggested by web pages or pop-ups.
  2. Set up DNS blocks and content filtering for suspicious domains and malvertising categories.
  3. Limit the execution of PowerShell scripts for non-administrator users; enable Constrained Language Mode where possible.
  4. Enable and monitor AMSI and EDR solutions with rules on processes in memory.
  5. Separate the use of wallets from the main browser; prefer hardware wallets.
  6. Disable password saving in the browser; use a password manager with MFA.
  7. Train users with real examples of phishing and fake CAPTCHA on sensitive sites.

Countermeasures for companies

  • Network segmentation and blocks at the proxy/DNS level for newly registered domains and “human-verify/recaptcha-manual” patterns.
  • Policy clipboard on managed devices; alert when a site induces copy/paste of commands.
  • Threat hunting on chains of process injection and on anomalous executions of powershell.exe.
  • Immediate escalation playbook: host isolation, session revocation, credential rotation, invalidation of token and cookie.

Limiting the damage after the theft

  • Immediately isolate the device and revoke active sessions on critical services.
  • Regenerate seed phrase and move the funds to secure, uncompromised wallets.
  • Enable MFA on apps independent of the browser; avoid mechanisms linked to cookie or synchronized sessions.

FAQ

How to recognize a fake CAPTCHA?

Be cautious of pages that ask for Windows+R, copy/paste of commands, or download of “verifiers”. In case of doubt, check the URL and close the page.

Is it always a fileless attack?

No. Some variants download a traditional executable; others operate entirely in memory to reduce traces on disk.

Which data are they aiming to steal?

Credentials of browsers, cookies, 2FA, data and keys of wallet crypto.

Sources and insights

Source: https://en.cryptonomist.ch/2025/08/19/fake-captchas-crypto-disappeared-in-3-minutes-the-powershell-trick-of-lumma-stealer-deceives-1-in-6-users/

Market Opportunity
Prompt Logo
Prompt Price(PROMPT)
$0.03114
$0.03114$0.03114
-3.74%
USD
Prompt (PROMPT) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Tags:
#On-chain#DEX

You May Also Like

Senate moves on coinbase CLARITY Act as stablecoin

Senate moves on coinbase CLARITY Act as stablecoin

The post Senate moves on coinbase CLARITY Act as stablecoin appeared on BitcoinEthereumNews.com. US lawmakers are edging closer to a comprehensive crypto market
Share
BitcoinEthereumNews2026/04/02 22:00
Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025

Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025

BitcoinWorld Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025 Are you ready to witness a phenomenon? The world of technology is abuzz with the incredible rise of Lovable AI, a startup that’s not just breaking records but rewriting the rulebook for rapid growth. Imagine creating powerful apps and websites just by speaking to an AI – that’s the magic Lovable brings to the masses. This groundbreaking approach has propelled the company into the spotlight, making it one of the fastest-growing software firms in history. And now, the visionary behind this sensation, co-founder and CEO Anton Osika, is set to share his invaluable insights on the Disrupt Stage at the highly anticipated Bitcoin World Disrupt 2025. If you’re a founder, investor, or tech enthusiast eager to understand the future of innovation, this is an event you cannot afford to miss. Lovable AI’s Meteoric Ascent: Redefining Software Creation In an era where digital transformation is paramount, Lovable AI has emerged as a true game-changer. Its core premise is deceptively simple yet profoundly impactful: democratize software creation. By enabling anyone to build applications and websites through intuitive AI conversations, Lovable is empowering the vast majority of individuals who lack coding skills to transform their ideas into tangible digital products. This mission has resonated globally, leading to unprecedented momentum. The numbers speak for themselves: Achieved an astonishing $100 million Annual Recurring Revenue (ARR) in less than a year. Successfully raised a $200 million Series A funding round, valuing the company at $1.8 billion, led by industry giant Accel. Is currently fielding unsolicited investor offers, pushing its valuation towards an incredible $4 billion. As industry reports suggest, investors are unequivocally “loving Lovable,” and it’s clear why. This isn’t just about impressive financial metrics; it’s about a company that has tapped into a fundamental need, offering a solution that is both innovative and accessible. The rapid scaling of Lovable AI provides a compelling case study for any entrepreneur aiming for similar exponential growth. The Visionary Behind the Hype: Anton Osika’s Journey to Innovation Every groundbreaking company has a driving force, and for Lovable, that force is co-founder and CEO Anton Osika. His journey is as fascinating as his company’s success. A physicist by training, Osika previously contributed to the cutting-edge research at CERN, the European Organization for Nuclear Research. This deep technical background, combined with his entrepreneurial spirit, has been instrumental in Lovable’s rapid ascent. Before Lovable, he honed his skills as a co-founder of Depict.ai and a Founding Engineer at Sana. Based in Stockholm, Osika has masterfully steered Lovable from a nascent idea to a global phenomenon in record time. His leadership embodies a unique blend of profound technical understanding and a keen, consumer-first vision. At Bitcoin World Disrupt 2025, attendees will have the rare opportunity to hear directly from Osika about what it truly takes to build a brand that not only scales at an incredible pace in a fiercely competitive market but also adeptly manages the intense cultural conversations that inevitably accompany such swift and significant success. His insights will be crucial for anyone looking to understand the dynamics of high-growth tech leadership. Unpacking Consumer Tech Innovation at Bitcoin World Disrupt 2025 The 20th anniversary of Bitcoin World is set to be marked by a truly special event: Bitcoin World Disrupt 2025. From October 27–29, Moscone West in San Francisco will transform into the epicenter of innovation, gathering over 10,000 founders, investors, and tech leaders. It’s the ideal platform to explore the future of consumer tech innovation, and Anton Osika’s presence on the Disrupt Stage is a highlight. His session will delve into how Lovable is not just participating in but actively shaping the next wave of consumer-facing technologies. Why is this session particularly relevant for those interested in the future of consumer experiences? Osika’s discussion will go beyond the superficial, offering a deep dive into the strategies that have allowed Lovable to carve out a unique category in a market long thought to be saturated. Attendees will gain a front-row seat to understanding how to identify unmet consumer needs, leverage advanced AI to meet those needs, and build a product that captivates users globally. The event itself promises a rich tapestry of ideas and networking opportunities: For Founders: Sharpen your pitch and connect with potential investors. For Investors: Discover the next breakout startup poised for massive growth. For Innovators: Claim your spot at the forefront of technological advancements. The insights shared regarding consumer tech innovation at this event will be invaluable for anyone looking to navigate the complexities and capitalize on the opportunities within this dynamic sector. Mastering Startup Growth Strategies: A Blueprint for the Future Lovable’s journey isn’t just another startup success story; it’s a meticulously crafted blueprint for effective startup growth strategies in the modern era. Anton Osika’s experience offers a rare glimpse into the practicalities of scaling a business at breakneck speed while maintaining product integrity and managing external pressures. For entrepreneurs and aspiring tech leaders, his talk will serve as a masterclass in several critical areas: Strategy Focus Key Takeaways from Lovable’s Journey Rapid Scaling How to build infrastructure and teams that support exponential user and revenue growth without compromising quality. Product-Market Fit Identifying a significant, underserved market (the 99% who can’t code) and developing a truly innovative solution (AI-powered app creation). Investor Relations Balancing intense investor interest and pressure with a steadfast focus on product development and long-term vision. Category Creation Carving out an entirely new niche by democratizing complex technologies, rather than competing in existing crowded markets. Understanding these startup growth strategies is essential for anyone aiming to build a resilient and impactful consumer experience. Osika’s session will provide actionable insights into how to replicate elements of Lovable’s success, offering guidance on navigating challenges from product development to market penetration and investor management. Conclusion: Seize the Future of Tech The story of Lovable, under the astute leadership of Anton Osika, is a testament to the power of innovative ideas meeting flawless execution. Their remarkable journey from concept to a multi-billion-dollar valuation in record time is a compelling narrative for anyone interested in the future of technology. By democratizing software creation through Lovable AI, they are not just building a company; they are fostering a new generation of creators. His appearance at Bitcoin World Disrupt 2025 is an unmissable opportunity to gain direct insights from a leader who is truly shaping the landscape of consumer tech innovation. Don’t miss this chance to learn about cutting-edge startup growth strategies and secure your front-row seat to the future. Register now and save up to $668 before Regular Bird rates end on September 26. To learn more about the latest AI market trends, explore our article on key developments shaping AI features. This post Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025 first appeared on BitcoinWorld.
Share
Coinstats2025/09/17 23:40
The Nationwide Tug-of-War over Prediction Markets

The Nationwide Tug-of-War over Prediction Markets

The post The Nationwide Tug-of-War over Prediction Markets appeared on BitcoinEthereumNews.com. A contentious legal battle in the United States over the classification
Share
BitcoinEthereumNews2026/04/09 17:42

Trending News

More

Oil: Ceasefire fragility tempers price reaction – Rabobank

XRP vs BNB Heats Up for 4th Spot as BTC Hits Resistance at $73K: Market Watch

Why Netflix (NFLX) Stock Surged 30% After Ditching the Warner Bros. Discovery Deal

WLFI Crisis: Desperate Investor Reveals Shorting is the Sole Path to Recover Catastrophic Losses

Anthropic code leak exposes Claude AI internals after release error

24/7 Live News

More

ZEC at resistance; rejection suggests downside, break above flips to support. Bias: short, awaiting displacement.

Author: Nehal17:08

Iran grants 2-week safe passage through Strait of Hormuz, potential impact on global trade and crypto market logistics.

Author: Nehal16:52

SOLANA mentioned in community engagement tweet, potential sentiment boost.

Author: Berra16:34

Gold price in Turkey drops significantly, impacting XAUT-related market sentiment and potential trading behaviors.

Author: Rockerfeller16:29

Morgan Stanley's Bitcoin ETF acquired 444 BTC on launch day, marking a significant ETF debut.

Author: CryptoSavingExpert ®15:50

Crypto Prices

Bitcoin Logo

Bitcoin

BTC

$71,196.65
$71,196.65$71,196.65

-0.15%

Ethereum Logo

Ethereum

ETH

$2,182.22
$2,182.22$2,182.22

-1.49%

Solana Logo

Solana

SOL

$82.22
$82.22$82.22

-1.35%

XRP Logo

XRP

XRP

$1.3327
$1.3327$1.3327

-1.66%

Bittensor Logo

Bittensor

TAO

$323.66
$323.66$323.66

-3.87%

$30,000 in PRL + 15,000 USDT

$30,000 in PRL + 15,000 USDT$30,000 in PRL + 15,000 USDT

Deposit & trade PRL to boost your rewards!