February 28, 2019, By Stu Sjouwerman
A phishing campaign is using a phony Google reCAPTCHA system to deliver banking malware, according to researchers at Sucuri. The attackers are sending emails, supposedly from a Polish bank, telling users to confirm an unknown transaction.
When recipients click on a link to investigate the suspicious charge, they’ll be shown a spoofed 404 error page. PHP code will then replicate a reCAPTCHA using HTML and JavaScript to trick victims into thinking the site is real.
The PHP code will then download either a .zip dropper or an .apk file, depending on which device the victim is using. If the victim is using Android, it will download malware that’s capable of intercepting incoming SMS, enabling the attacker to bypass SMS-based two-factor authentication.
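For defenders, the device-dependent delivery described above (an .apk for Android visitors, a .zip for everyone else, from the same link) is something that can be hunted for in web proxy logs. The Python below is an added example, not code from Sucuri or from the original post; the log format, host names, paths and file names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample proxy log (assumed format, not from the report):
# host path status "downloaded filename" "User-Agent"
SAMPLE_LOG = """\
bank-notice.example /confirm.php 200 "payment.apk" "Mozilla/5.0 (Linux; Android 8.0; SM-G950F) Chrome/72.0 Mobile"
bank-notice.example /confirm.php 200 "payment.zip" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/72.0"
cdn.example /app/release.apk 200 "release.apk" "Mozilla/5.0 (Linux; Android 9; Pixel 3) Chrome/72.0 Mobile"
files.example /docs/report.zip 200 "report.zip" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/65.0"
files.example /docs/report.zip 200 "report.zip" "Mozilla/5.0 (Linux; Android 9; Pixel 3) Chrome/72.0 Mobile"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\d{3}) "([^"]*)" "([^"]*)"$')


def device_class(user_agent):
    """Coarse split matching the behaviour in the article: Android vs. anything else."""
    return "android" if "android" in user_agent.lower() else "other"


def extension(filename):
    """Lower-cased file extension, or an empty string if there is none."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def find_device_dependent_payloads(log_text):
    """Return sorted (host, path) pairs where one URL served an .apk to
    Android clients and a .zip to non-Android clients."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        host, path, status, filename, ua = m.groups()
        if status != "200":
            continue  # only completed downloads are of interest
        seen[(host, path)].add((device_class(ua), extension(filename)))
    return sorted(
        key for key, pairs in seen.items()
        if ("android", "apk") in pairs and ("other", "zip") in pairs
    )


if __name__ == "__main__":
    for host, path in find_device_dependent_payloads(SAMPLE_LOG):
        print(f"device-dependent payload: {host}{path}")
```

A hit means a single URL handed out different file types depending on the visitor's device, which is worth triaging alongside the email that carried the link.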