Summary:
- The article discusses a new Windows PowerShell phishing attack that uses a fake CAPTCHA download to trick users into installing a credential stealer malware.
- The attack starts with a phishing email that claims the recipient needs to verify their account by downloading a CAPTCHA image, but the downloaded file is actually a malicious PowerShell script that steals login credentials.
- Security researchers warn that this type of attack is becoming more common as cybercriminals find new ways to bypass security measures and trick users into installing malware.