In the latest episode of ‘We Swear We’re Totally Not Hacking You,’ Russian hackers have been spotted using ClickFix, a fake CAPTCHA that’s somehow even more irritating than the real thing, to spread their new espionage malware, affectionately dubbed LOSTKEYS. Because why settle for phishing, vishing, or smishing when you can make people lose their patience and their data all in one go?

The hacker group, known as COLDRIVER, apparently thought it was about time someone combined the rage-inducing brainpower of solving CAPTCHAs with the thrill of being spied on. LOSTKEYS, once clicked on by an unsuspecting victim who just wanted to prove they weren’t a robot, gets busy swiping files and sending system info straight back to hackers. It’s like a kleptomaniac’s dream come true.

Google’s Threat Analysis Group reported this new malware adventure, suggesting users employ advanced caution, or better still, avoid CAPTCHAs altogether unless they enjoy a side of espionage with their browsing. Meanwhile, reports suggest that the CAPTCHA technology may have accidentally solved the age-old mystery of why we’ve all been misplacing our car keys.