We’ve All Clicked One Before, Now Hackers Are Creating Fake CAPTCHAs to Steal Data

One report estimates about 2,000 websites have been affected.
We’ve All Clicked One Before, Now Hackers Are Creating Fake CAPTCHAs to Steal Data
In this image released on April 15, 2025, of a public display featuring the security CAPTCHA tool. "Real World Captchas" featured life-sized on the streets of Berlin, Singapore and Buenos Aires in March 2025. Marcos Brindicci/Getty Images for Tools for Humanity
Alfred Bui
Updated:
0:00

Over 2,000 websites globally and nearly 80 small to medium-sized Australian businesses have had their websites compromised by a sophisticated hacking scheme leveraging the familiar CAPTCHA prompt.

A new report (pdf) from Australian online security firm CyberCX revealed that a highly orchestrated phishing campaign, known as DarkEngine, is targeting WordPress websites in Australia and beyond.
Alfred Bui
Alfred Bui
Author
Alfred Bui is an Australian reporter based in Melbourne and focuses on local and business news. He is a former small business owner and has two master’s degrees in business and business law. Contact him at [email protected].