UMass Amherst Information Technology (IT) is aware of a new threat involving fake or fraudulent Captchas on third-party websites which may result in your device being compromised, putting accounts and data at risk of exposure.
The Information Security team has observed threat actors adding malicious code to compromised websites, which mimics the appearance and function of an ordinary Google Captcha - but adds a final step requesting the users take an action which will result in code being executed on their device.
Do not paste unknown code or text into your computer's Start menu, Run dialog, Command Prompt, or Terminal.
These actions are extremely dangerous, and no legitimate website will ask you to perform them.
If you believe your device has been compromised, please contact the IT Service Desk as soon as possible.
Students: Use Antivirus or scan with a malware removal tool.