LummaStealer Is Back, and It's Using Fake CAPTCHAs
19 Feb 2026
LummaStealer (not to be confused with our very own Lumara) is back.
The major information-stealing malware was disrupted by Microsoft and the US Department of Justice in mid-2025, but recent reporting shows it has resurfaced with a new delivery method called ClickFix.
ClickFix relies on fake CAPTCHA prompts to trick users into running malicious commands. In a ClickFix scenario, users complete the familiar "verify you are human" prompt. Instead of validating access, clicking triggers malicious commands that deploy LummaStealer, allowing the malware to harvest critical data which could then be sold or passed to ransomware groups, including operators such as Octo Tempest.
A single fake CAPTCHA can open the door to full compromise. This threat highlights a critical gap: user behaviour is a primary attack surface. CAPTCHAs are designed as an additional layer of security, so most of us complete them without a second thought. This familiarity is what makes the attack effective. When security measures we trust can be weaponised against us, ongoing education is critical.
Part of our Technology Extensions, Lumara Educate addresses this gap. With adaptive, AI-powered phishing simulations that are tailored to each user's skill level and adjusted based on their responses, it builds pattern recognition for the subtle tells that separate real verification from social engineering. Through repeated exposure to modern tactics, your team develops the instinct to pause and assess before that automatic click takes over.
ClickFix is just the latest example of how social engineering continues to adapt. Whether it's a fake CAPTCHA, a convincing phishing email, or a fraudulent request that seems to come from a trusted source, these attacks exploit the trust your team places in familiar processes. With Lumara Educate, your people are empowered to better understand the tactics behind modern threats, moving beyond simply following protocols to recognising and responding to evolving attacks with real insight. Your team becomes the frontline defence that recognises manipulation before damage occurs, closing the human behaviour gap and transforming your weakest link into your strongest defence.
Learn more about Lumara Extensions.
We're extending many of our exisiting customers SecOps with Lumara Educate this year. If you'd like to level up, drop us a quick request via this form and we'll be in contact.
