We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:HTML/FakeCaptcha!rfn
Aliases: No associated aliases
Summary
Trojan:HTML/FakeCaptcha is a social engineering attack used by threat actors to use a fake captcha to deceive users into copying and pasting malicious PowerShell code into the Windows Terminal. The attack basically tests human tendencies to solve problems quickly when faced with urgent or authoritative prompts. While ClickFix might look like just another routine “Verify You Are a Human” CAPTCHA-style prompt, this familiar appearance hides a serious threat wherein users are led through three seemingly harmless keystrokes that initiate malware installation.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
