In a world where we’re already questioning if our CAPTCHA response is a crosswalk or a bike, attackers have upped the ante by introducing fake CAPTCHAs that even the bots can’t trust. If a bot can’t tell if it’s talking to another bot, how is a human supposed to feel secure?

Utilizing the time-tested philosophy of ‘If you can’t beat them, confuse them,’ hackers are now exploiting Microsoft’s Application Virtualization scripts to spread the joy of information-stealing malware. With so many CAPTCHAs these days, maybe they’re just giving us practice for brain-stimulating puzzles in our downtime.

As cyber defenders scratch their heads in disbelief, they have also discovered that the usual paths to execution are no longer valid. Much like a teenager trying to sneak out of the house using the back door, hackers are now using scripts to creatively bypass the typical, easily recognizable routes. At this point, the only thing not being virtualized is our sanity.