A large-scale fake captcha campaign has been distributing Lumma info-stealer malware through malvertising techniques. The campaign, relying on a single ad network, delivers over 1 million daily ad impressions, causing thousands of daily victims to lose their accounts and money. The malicious activity is propagated through a network of 3,000+ content sites funneling traffic. The campaign uses deceptive captcha pages that trick users into executing PowerShell commands, instantly installing stealer malware. The ad network Monetag, a subsidiary of PropellerAds, is identified as the primary facilitator. The threat actors leverage services like BeMob for cloaking, showcasing the fragmented accountability in the ad ecosystem. The campaign's success highlights the need for stronger proactive measures in ad networks and the importance of user caution when encountering free content online.