Malware Fake CAPTCHA Placed on Ekrem İmamoğlu Official Site

Fake captcha verification asks you to open Terminal – PowerShell, paste the automatically copied code and press Enter. Code at a glance "verification code" It looks like this, but it is actually a hidden PowerShell command.

Examining the obfuscated code, it appears that it downloaded an .exe to the Windows Temp folder and ran it secretly. The file name trying to download is Toolkit_latest_v9.3.exe

The link goes to the following domain: cdnupdatenews[.]top/dl?fid=41

Likely "ClickFix" style fake CAPTCHA malware attack. Verify you are human" The PowerShell command is run under the pretext and the system may be infected with malware such as infostealer – loader – rat.

The site or something connected to the site may have been compromised. It is also known as ClickFix attack. There is no captcha type that can be verified from the terminal.