Banking Malware Through Fake Google reCAPTCHA

A new malware campaign uses a fake Google reCAPTCHA to deliver banking malware. The campaign specifically targeted a Polish bank.
Security researchers from Sucuri found that the latest phishing campaign employed both impersonation and panic/bait techniques.

1. Malware Infection – Fake Google reCAPTCHA



The malware infection starts with a fake confirmation receipt for a recent transaction that includes a link to a malicious PHP file.

The attackers designed the email to create a panic scenario, asking customers to confirm an unknown transaction.

Generally, a phishing campaign includes a page that grabs the person's login, but the design here is different: this campaign instead serves a fake 404 error page and tracks the victims' user-agents.

“We see that they may be confined to crawlers associated with Google, indicating that the attackers ought not to be too concerned about different search engines,” reads the Sucuri blog post.

2. Fake Google reCAPTCHA

Once the user-agent has been filtered, the PHP code loads a fake Google reCAPTCHA that is built from static elements. The PHP code determines which malware to drop on the victim's machine based on the user-agent.

The malicious page rechecks the victim's user-agent and serves either a .zip dropper or a malicious .apk, based on the visitor's device.

If it detects an Android device, it offers the .apk file; otherwise it passes another request to download the .zip file to the victim's device.

Once the malware is installed on the device, it starts intercepting 2FA via SMS to grab the login credentials.
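
The user-agent split described above leaves a recognizable pattern in web proxy logs: one URL that answers 404 to a Google crawler, an .apk to Android and a .zip to everything else. The following detection sketch is an added example, not code from Sucuri or from the campaign; the log tuple layout, the hostnames, the `googlebot` substring match and the content-type values are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

APK = "application/vnd.android.package-archive"
ZIP = "application/zip"
BOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
DROID = "Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36 Chrome/72.0 Mobile Safari/537.36"
WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/72.0 Safari/537.36"

# Constructed proxy-log records: (url, user_agent, http_status, content_type).
SAMPLE_LOG = [
    ("http://site-a.example/confirm.php", BOT, 404, "text/html"),
    ("http://site-a.example/confirm.php", DROID, 200, APK),
    ("http://site-a.example/confirm.php", WIN, 200, ZIP),
    ("http://site-b.example/index.php", DROID, 200, "text/html"),
    ("http://site-b.example/index.php", WIN, 200, "text/html"),
]

def ua_class(user_agent):
    ua = user_agent.lower()
    # Check the crawler first: Googlebot's smartphone UA also contains "Android".
    if "googlebot" in ua:
        return "crawler"
    return "android" if "android" in ua else "other"

def response_kind(status, content_type):
    if status == 404:
        return "404"
    return {APK: "apk", ZIP: "zip"}.get(content_type, "page")

def find_ua_split_delivery(records):
    """Return {url: [reasons]} for URLs whose response depends on the user-agent."""
    seen = defaultdict(dict)
    for url, ua, status, ctype in records:
        seen[url][ua_class(ua)] = response_kind(status, ctype)
    findings = {}
    for url, kinds in seen.items():
        reasons = []
        if kinds.get("android") == "apk" and kinds.get("other") == "zip":
            reasons.append("apk-to-android/zip-to-others")
        visitors = [k for c, k in kinds.items() if c != "crawler"]
        if kinds.get("crawler") == "404" and any(k != "404" for k in visitors):
            reasons.append("404-only-to-crawler")
        if reasons:
            findings[url] = reasons
    return findings

if __name__ == "__main__":
    for url, reasons in find_ua_split_delivery(SAMPLE_LOG).items():
        print(url, reasons)
```
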
