Recently a security partner, Arctic Wolf, made us aware of an ongoing malicious campaign using fake CAPTCHA challenges.  CAPTCHA challenges typically work to ensure user interaction is human and not from a "bot" by having users click certain pictures or check a box.  

The current malicious campaign involves compromised websites presenting users with a fake CAPTCHA that redirects to a malicious site.  There, users are provided instructions leading to installation of malware on the device.  Below is a screenshot of a malicious CAPTCHA. 

Legitimate CPATCHA challenges do not require users to copy a command or output and paste into the Windows Run dialog box.  If the challenge resembles the example above, the website is likely compromised. Please contact HelpDesk if you come across a malicious CAPTCHA challenge.