{"id":2179,"date":"2025-08-28T10:21:47","date_gmt":"2025-08-28T15:21:47","guid":{"rendered":"https:\/\/forwardtechnologies.com\/?p=2179"},"modified":"2025-08-28T10:32:37","modified_gmt":"2025-08-28T15:32:37","slug":"shadowcaptcha-wordpress-malware-campaign","status":"publish","type":"post","link":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/","title":{"rendered":"Malicious CAPTCHA Redirects Turn WordPress Sites into Malware Launchpads"},"content":{"rendered":"<p><img decoding=\"async\" class=\"size-medium wp-image-2180 alignleft lazyload\" data-src=\"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025-300x200.png\" alt=\"\" width=\"300\" height=\"200\" data-srcset=\"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025-300x200.png 300w, https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025-1024x683.png 1024w, https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025-768x512.png 768w, https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025.png 1536w\" data-sizes=\"auto\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 300px; --smush-placeholder-aspect-ratio: 300\/200;\" data-original-sizes=\"(max-width: 300px) 100vw, 300px\" \/>A sinister campaign known as <strong>ShadowCaptcha<\/strong> is using over 100 compromised WordPress sites as unwitting hosts, redirecting visitors to fake CAPTCHA pages. These deceptive pages trigger malware delivery ranging from credential stealers to ransomware and cryptocurrency miners.<\/p>\n<p>Researchers from Israel\u2019s National Digital Agency revealed that ShadowCaptcha merges social engineering with living-off-the-land tactics. Attackers aim to steal credentials, exfiltrate browser information, deploy cryptomining software, or trigger ransomware\u2014depending on the route the victim takes.<!--more--><\/p>\n<h2>The Attack Path<\/h2>\n<p>Visitors to infected WordPress sites get redirected via injected JavaScript to counterfeit Cloudflare or Google CAPTCHA screens. A deceptive prompt involving \u201cClickFix\u201d appears next, guiding users down one of two malicious routes:<\/p>\n<ul>\n<li><strong>Route 1:<\/strong> Uses the Windows Run dialog to deploy <em>Lumma<\/em> and <em>Rhadamanthys<\/em> infostealers via MSI installers or HTA payloads executed with <code>mshta.exe<\/code>.<\/li>\n<li><strong>Route 2:<\/strong> Instructs users to save and run an HTML Application (HTA) file manually, which then installs <em>Epsilon Red ransomware<\/em>.<\/li>\n<\/ul>\n<h2>Tricks, Evasions, and Stealth<\/h2>\n<p>ShadowCaptcha is designed to evade detection. It employs anti-debugger code to block browser developer tools, uses DLL side-loading to disguise malware as legitimate processes, and copies malicious commands to the clipboard using <code>navigator.clipboard.writeText<\/code>, tricking users into pasting them blindly.<\/p>\n<p>Some variants also install <strong>XMRig cryptocurrency miners<\/strong>, with dynamic configuration pulled from Pastebin. In some cases, the malware drops a driver named <code>WinRing0x64.sys<\/code> to gain kernel-level access and increase mining efficiency.<\/p>\n<h2>Who\u2019s Being Targeted?<\/h2>\n<p>The compromised WordPress sites span Australia, Brazil, Italy, Canada, Colombia, and Israel. Impacted industries include technology, hospitality, finance, healthcare, and real estate.<\/p>\n<p>While exact infection vectors are still being studied, researchers believe the attackers are exploiting <strong>vulnerable plugins<\/strong> or logging in using <strong>stolen administrator credentials<\/strong>.<\/p>\n<h2>Meet the Help TDS Ecosystem<\/h2>\n<p>ShadowCaptcha links to a larger malware-as-a-service framework known as <strong>Help TDS<\/strong>, which has operated since at least 2017. Help TDS provides attackers with PHP templates that inject malicious code into WordPress sites, often leading to tech support scams and fraudulent landing pages.<\/p>\n<p>At the center of this infrastructure is a malicious plugin named <code>woocommerce_inputs<\/code>, disguised as a WooCommerce extension. It&#8217;s now believed to be installed on over 10,000 sites worldwide. The plugin conducts credential harvesting, enforces geo-targeting, hides its presence, and supports remote updates through built-in C2 logic.<\/p>\n<h2>Why This Matters<\/h2>\n<p>ShadowCaptcha isn\u2019t just another malware campaign\u2014it\u2019s a signal that cybercrime is evolving. By combining deceptive UI elements, legitimate Windows tools, and modular malware kits, attackers are able to shift tactics fluidly. Whether they\u2019re after passwords, computing power, or ransom payouts depends on what makes the most money in the moment.<\/p>\n<h2>What You Can Do<\/h2>\n<ul>\n<li>Train users to treat CAPTCHA pages with caution, even those with familiar branding.<\/li>\n<li>Enable multi-factor authentication (MFA) on all WordPress admin accounts.<\/li>\n<li>Audit plugins regularly, especially for fakes posing as WooCommerce extensions.<\/li>\n<li>Segment your network to limit damage from breaches and prevent lateral movement.<\/li>\n<li>Monitor for indicators of compromise such as unknown database entries or scheduled tasks.<\/li>\n<li>Maintain regular offline backups and monitor site integrity.<\/li>\n<li>Deploy intrusion detection systems (IDS) or web application firewalls (WAFs) to catch redirect attempts.<\/li>\n<\/ul>\n<p>As attacks like ShadowCaptcha become more sophisticated, security hygiene isn\u2019t optional\u2014it\u2019s survival.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A sinister campaign known as ShadowCaptcha is using over 100 compromised WordPress sites as unwitting hosts, redirecting visitors to fake CAPTCHA pages. These deceptive pages trigger malware delivery ranging from credential stealers to ransomware and cryptocurrency miners. Researchers from Israel\u2019s National Digital Agency revealed that ShadowCaptcha merges social engineering with living-off-the-land tactics. Attackers aim to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2180,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[38,37,324],"tags":[392,379,389,378,143,387,375,390,383,377,298,381,376,382,386,164,373,388,385,380,391,374,384],"class_list":{"0":"post-2179","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blog","8":"category-cybersecurity","9":"category-webdev","10":"tag-browser-exploit","11":"tag-clickfix-attack","12":"tag-compromised-wordpress-plugins","13":"tag-crypto-miners","14":"tag-cybersecurity","15":"tag-cybersecurity-news","16":"tag-fake-captcha","17":"tag-help-tds","18":"tag-hta-payload","19":"tag-info-stealers","20":"tag-infostealer","21":"tag-javascript-injection","22":"tag-malware-campaigns","23":"tag-mshta-exe","24":"tag-phishing-redirect","25":"tag-ransomware","26":"tag-shadowcaptcha","27":"tag-web-application-firewall","28":"tag-winring0x64-sys","29":"tag-woocommerce-plugin-threat","30":"tag-woocommerce_inputs","31":"tag-wordpress-security","32":"tag-xmrig","33":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\r\n<title>ShadowCaptcha Attack Hijacks WordPress Sites to Deliver Malware, Ransomware, and Miners - Chicago IT Support &amp; Cyber Security | Forward Technologies<\/title>\r\n<meta name=\"description\" content=\"A stealthy campaign called ShadowCaptcha is exploiting WordPress sites to spread ransomware, info stealers, and cryptominers using fake CAPTCHA pages.\" \/>\r\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\r\n<link rel=\"canonical\" href=\"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/\" \/>\r\n<meta property=\"og:locale\" content=\"en_US\" \/>\r\n<meta property=\"og:type\" content=\"article\" \/>\r\n<meta property=\"og:title\" content=\"ShadowCaptcha Attack Hijacks WordPress Sites to Deliver Malware, Ransomware, and Miners - Chicago IT Support &amp; Cyber Security | Forward Technologies\" \/>\r\n<meta property=\"og:description\" content=\"A stealthy campaign called ShadowCaptcha is exploiting WordPress sites to spread ransomware, info stealers, and cryptominers using fake CAPTCHA pages.\" \/>\r\n<meta property=\"og:url\" content=\"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/\" \/>\r\n<meta property=\"og:site_name\" content=\"Chicago IT Support &amp; Cyber Security | Forward Technologies\" \/>\r\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForwardTechnologies\" \/>\r\n<meta property=\"article:published_time\" content=\"2025-08-28T15:21:47+00:00\" \/>\r\n<meta property=\"article:modified_time\" content=\"2025-08-28T15:32:37+00:00\" \/>\r\n<meta property=\"og:image\" content=\"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025-1024x683.png\" \/>\r\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\r\n\t<meta property=\"og:image:height\" content=\"683\" \/>\r\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\r\n<meta name=\"author\" content=\"Edward Silha\" \/>\r\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\r\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Edward Silha\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\r\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/\"},\"author\":{\"name\":\"Edward Silha\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#\\\/schema\\\/person\\\/feb8ae7ba8b41e1e93b9ef28f4733cff\"},\"headline\":\"Malicious CAPTCHA Redirects Turn WordPress Sites into Malware Launchpads\",\"datePublished\":\"2025-08-28T15:21:47+00:00\",\"dateModified\":\"2025-08-28T15:32:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/\"},\"wordCount\":523,\"publisher\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/FTBLOG_AUG282025.png\",\"keywords\":[\"browser exploit\",\"ClickFix attack\",\"compromised WordPress plugins\",\"crypto miners\",\"cybersecurity\",\"cybersecurity news\",\"fake CAPTCHA\",\"Help TDS\",\"HTA payload\",\"info stealers\",\"infostealer\",\"JavaScript injection\",\"malware campaigns\",\"mshta.exe\",\"phishing redirect\",\"ransomware\",\"ShadowCaptcha\",\"web application firewall\",\"WinRing0x64.sys\",\"WooCommerce plugin threat\",\"WooCommerce_inputs\",\"WordPress security\",\"XMRig\"],\"articleSection\":[\"Blog\",\"Cybersecurity\",\"WebDev\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/\",\"name\":\"ShadowCaptcha Attack Hijacks WordPress Sites to Deliver Malware, Ransomware, and Miners - Chicago IT Support &amp; Cyber Security | Forward Technologies\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/FTBLOG_AUG282025.png\",\"datePublished\":\"2025-08-28T15:21:47+00:00\",\"dateModified\":\"2025-08-28T15:32:37+00:00\",\"description\":\"A stealthy campaign called ShadowCaptcha is exploiting WordPress sites to spread ransomware, info stealers, and cryptominers using fake CAPTCHA pages.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/#primaryimage\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/FTBLOG_AUG282025.png\",\"contentUrl\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/FTBLOG_AUG282025.png\",\"width\":1536,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/shadowcaptcha-wordpress-malware-campaign\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/forwardtechnologies.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malicious CAPTCHA Redirects Turn WordPress Sites into Malware Launchpads\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#website\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/\",\"name\":\"Chicago IT Support &amp; Cyber Security | Forward Technologies\",\"description\":\"Chicago-based Forward Technologies delivers IT support and cyber security to businesses in the Chicago area and nationwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/forwardtechnologies.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#organization\",\"name\":\"Forward Technologies\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2017\\\/01\\\/Forward-Technologies-Website-header-260x100-1.png\",\"contentUrl\":\"https:\\\/\\\/forwardtechnologies.com\\\/wp-content\\\/uploads\\\/2017\\\/01\\\/Forward-Technologies-Website-header-260x100-1.png\",\"width\":260,\"height\":100,\"caption\":\"Forward Technologies\"},\"image\":{\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ForwardTechnologies\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/forwardtechnologies.com\\\/#\\\/schema\\\/person\\\/feb8ae7ba8b41e1e93b9ef28f4733cff\",\"name\":\"Edward Silha\"}]}<\/script>\r\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ShadowCaptcha Attack Hijacks WordPress Sites to Deliver Malware, Ransomware, and Miners - Chicago IT Support &amp; Cyber Security | Forward Technologies","description":"A stealthy campaign called ShadowCaptcha is exploiting WordPress sites to spread ransomware, info stealers, and cryptominers using fake CAPTCHA pages.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/","og_locale":"en_US","og_type":"article","og_title":"ShadowCaptcha Attack Hijacks WordPress Sites to Deliver Malware, Ransomware, and Miners - Chicago IT Support &amp; Cyber Security | Forward Technologies","og_description":"A stealthy campaign called ShadowCaptcha is exploiting WordPress sites to spread ransomware, info stealers, and cryptominers using fake CAPTCHA pages.","og_url":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/","og_site_name":"Chicago IT Support &amp; Cyber Security | Forward Technologies","article_publisher":"https:\/\/www.facebook.com\/ForwardTechnologies","article_published_time":"2025-08-28T15:21:47+00:00","article_modified_time":"2025-08-28T15:32:37+00:00","og_image":[{"width":1024,"height":683,"url":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025-1024x683.png","type":"image\/png"}],"author":"Edward Silha","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Edward Silha","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/#article","isPartOf":{"@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/"},"author":{"name":"Edward Silha","@id":"https:\/\/forwardtechnologies.com\/#\/schema\/person\/feb8ae7ba8b41e1e93b9ef28f4733cff"},"headline":"Malicious CAPTCHA Redirects Turn WordPress Sites into Malware Launchpads","datePublished":"2025-08-28T15:21:47+00:00","dateModified":"2025-08-28T15:32:37+00:00","mainEntityOfPage":{"@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/"},"wordCount":523,"publisher":{"@id":"https:\/\/forwardtechnologies.com\/#organization"},"image":{"@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025.png","keywords":["browser exploit","ClickFix attack","compromised WordPress plugins","crypto miners","cybersecurity","cybersecurity news","fake CAPTCHA","Help TDS","HTA payload","info stealers","infostealer","JavaScript injection","malware campaigns","mshta.exe","phishing redirect","ransomware","ShadowCaptcha","web application firewall","WinRing0x64.sys","WooCommerce plugin threat","WooCommerce_inputs","WordPress security","XMRig"],"articleSection":["Blog","Cybersecurity","WebDev"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/","url":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/","name":"ShadowCaptcha Attack Hijacks WordPress Sites to Deliver Malware, Ransomware, and Miners - Chicago IT Support &amp; Cyber Security | Forward Technologies","isPartOf":{"@id":"https:\/\/forwardtechnologies.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/#primaryimage"},"image":{"@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025.png","datePublished":"2025-08-28T15:21:47+00:00","dateModified":"2025-08-28T15:32:37+00:00","description":"A stealthy campaign called ShadowCaptcha is exploiting WordPress sites to spread ransomware, info stealers, and cryptominers using fake CAPTCHA pages.","breadcrumb":{"@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/#primaryimage","url":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025.png","contentUrl":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2025\/08\/FTBLOG_AUG282025.png","width":1536,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/forwardtechnologies.com\/shadowcaptcha-wordpress-malware-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/forwardtechnologies.com\/"},{"@type":"ListItem","position":2,"name":"Malicious CAPTCHA Redirects Turn WordPress Sites into Malware Launchpads"}]},{"@type":"WebSite","@id":"https:\/\/forwardtechnologies.com\/#website","url":"https:\/\/forwardtechnologies.com\/","name":"Chicago IT Support &amp; Cyber Security | Forward Technologies","description":"Chicago-based Forward Technologies delivers IT support and cyber security to businesses in the Chicago area and nationwide.","publisher":{"@id":"https:\/\/forwardtechnologies.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/forwardtechnologies.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/forwardtechnologies.com\/#organization","name":"Forward Technologies","url":"https:\/\/forwardtechnologies.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/forwardtechnologies.com\/#\/schema\/logo\/image\/","url":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2017\/01\/Forward-Technologies-Website-header-260x100-1.png","contentUrl":"https:\/\/forwardtechnologies.com\/wp-content\/uploads\/2017\/01\/Forward-Technologies-Website-header-260x100-1.png","width":260,"height":100,"caption":"Forward Technologies"},"image":{"@id":"https:\/\/forwardtechnologies.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForwardTechnologies"]},{"@type":"Person","@id":"https:\/\/forwardtechnologies.com\/#\/schema\/person\/feb8ae7ba8b41e1e93b9ef28f4733cff","name":"Edward Silha"}]}},"_links":{"self":[{"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/posts\/2179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/comments?post=2179"}],"version-history":[{"count":0,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/posts\/2179\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/media\/2180"}],"wp:attachment":[{"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/media?parent=2179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/categories?post=2179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forwardtechnologies.com\/wp-json\/wp\/v2\/tags?post=2179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}