A malware scam uses fake CAPTCHA pages—and it’s way smarter than you'd expect. This attack tricks users into copying and pasting a legit-looking message into Windows… but what it actually does is unleash a stealthy infostealer. The attack uses hacked WordPress sites, hidden JavaScript, clipboard tricks, and even auto dealership websites via a shady video player. Researchers found it’s not just one infostealer. Admins are being urged to patch, lock down credentials, and watch for signs of this creepy trick. This isn’t your typical phishing scam. Are we watching the rise of the most deceptive malware tactic of 2025? Stay safe, stay sharp.