Cyberattacks

ShadowCaptcha Campaign Hijacks 100+ WordPress Sites to Spread Malware

Cybercriminals exploit 100+ WordPress sites, using fake CAPTCHA to spread ransomware, steal data, and mine cryptocurrency.

By Content Team

Aug 26, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals are exploiting over 100 compromised WordPress sites in a campaign called ShadowCaptcha, first detected in August 2025 by Israel's National Digital Agency. The attack redirects visitors to fake CAPTCHA pages that trick users into downloading ransomware, cryptocurrency miners, and data-stealing malware.

The scam uses social engineering tactics called ClickFix, automatically copying malicious commands to users' clipboards and instructing them to paste and run the code. Victims end up infected with Lumma and Rhadamanthys stealers, Epsilon Red ransomware, or XMRig cryptocurrency miners.

Most targeted sites are in Australia, Brazil, Italy, Canada, Colombia, and Israel across various industries. The campaign demonstrates how attackers now combine multiple attack methods for maximum profit.

Source: The Hacker News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Tech-Savvy Zillennial Falls for Banking Scam Despite Cybersecurity Training

Feb 2, 2026

'PackageGate' Vulnerabilities Expose JavaScript Package Managers to Supply Chain Attacks

Jan 27, 2026

87,000+ MongoDB Databases Exposed to Critical MongoBleed Vulnerability

Dec 28, 2025

Substack Confirms Data Breach Affecting 700,000 Users After Hacker Leaks Information

Feb 6, 2026