Behind the CAPTCHA: A Clever Gateway of Malware
ID: 2e8cfad3-f970-5406-b247-be3ce40f2f14
STIX ID: report--2e8cfad3-f970-5406-b247-be3ce40f2f14
Feed Name: McAfee Labs Blog
McAfee Labs observed a global ClickFix campaign that lures victims to fake CAPTCHA pages, delivered via cracked-game download redirects and GitHub-impersonation phishing. On these pages, malicious JavaScript/PowerShell is copied to the clipboard and the victim is tricked into executing it (via Win+R/mshta), resulting in Lumma Stealer being downloaded and run. The report includes technical analysis, IoCs (URLs and SHA256 hashes), and mitigation recommendations.
