Certainly I have been seeing an increase in fake captchas recently on compromised WordPress instances being used to deliver infostealers. Although a couple of months old, Netskope has a great article on how these captchas work:

https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection

Was a good to understand how the captcha component works to deliver the malware.