New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer

Blackpoint Cyber discovered a new Fake CAPTCHA campaign that tricks users into installing Amatera Stealer. By abusing legitimate Microsoft scripts and hiding malicious code in Google Calendar and PNG images, this attack bypasses standard security to harvest private passwords and browser data.

On Friday, January 23, 2026, the cyber threat monitoring firm Blackpoint Cyber revealed a clever new way that hackers are tricking people into infecting their own computers. This latest scheme uses a fake “I am not a robot” check to bypass security and install a data-stealing program called Amatera Stealer.

How the Trap Works

Most of us are used to clicking boxes or identifying traffic lights to prove we are human. However, this attack uses a Fake CAPTCHA, Blackpoint Cyber’s researchers explained in the blog post shared with Hackread.com. Instead of a simple click, the website asks the user to perform keyboard shortcuts like pressing the ...