A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

Microsoft researchers found a ClickFix campaign that uses the nslookup tool to have users infect their own system with a Remote Access Trojan.