Hackers Mimic Google reCAPTCHA For Banking Malware Attacks

Another phishing campaign targeting banks has surfaced online. The attackers allegedly impersonate Google reCAPTCHA to carry out their attack. The campaign involves tricking users into clicking on malicious links.

Fake Google reCAPTCHA Used In A New Phishing Campaign

Researchers at Sucuri have come across another fatal banking malware campaign. The malware deployed with this campaign links back to a phishing attack on a Polish bank. The researchers have detailed their investigation in a blog post.

The recently discovered campaign starts off just like any other phishing attack. The users receive spam emails, supposedly from their banks, informing them about unauthorized transactions. These emails contain links to malicious PHP files that the users are asked to click to verify the transaction.

However, unlike other phishing attacks where the spam links redirect users to impersonated sites, the links used in this campaign take the users to a fake page showing a 404 error. The page's code lists several specific user-agents, limited to Google crawlers.

If the request comes from any search engine other than Google, then the fake Google reCAPTCHA loads to deploy the malware. The malicious PHP code detects the victim’s device via the browser's user-agent and downloads the appropriate malware to it. For Android devices, the code deploys a malicious .apk file. For others, it deploys a malicious .zip file.

Once downloaded, the malware can then perform any malicious activities, including interference with 2FA.
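An administrator checking whether a PHP file on their own server behaves this way can look for the pattern in access logs: 404 for Google crawlers, a normal response for everyone else. The following is an added example, not code from Sucuri or the original article; it assumes the combined log format, and the log lines, paths and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (not taken from the campaign).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2020:10:00:01 +0000] "GET /files/verify.php HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [01/Jan/2020:10:02:10 +0000] "GET /files/verify.php?id=1 HTTP/1.1" 200 8841 "-" "Mozilla/5.0 (Linux; Android 9; Pixel 3) Chrome/72.0 Mobile Safari/537.36"
198.51.100.9 - - [01/Jan/2020:10:03:44 +0000] "GET /files/verify.php HTTP/1.1" 200 8790 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
203.0.113.5 - - [01/Jan/2020:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 4020 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.9 - - [01/Jan/2020:10:05:30 +0000] "GET /index.php HTTP/1.1" 200 4020 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
203.0.113.5 - - [01/Jan/2020:10:06:00 +0000] "GET /old.php HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.9 - - [01/Jan/2020:10:06:20 +0000] "GET /old.php HTTP/1.1" 404 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
"""

# Request line, status, size, referer, user-agent.
LINE_RE = re.compile(
    r'"(?:GET|POST) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# User-agent tokens used by Google's crawlers.
GOOGLE_CRAWLERS = ("googlebot", "adsbot-google", "mediapartners-google")


def find_cloaked_php(log_text):
    """Return PHP paths that answer only 404 to Google crawlers but 200 to other clients."""
    seen = defaultdict(lambda: {"google": set(), "other": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not path.lower().endswith(".php"):
            continue
        ua = m["ua"].lower()
        group = "google" if any(tok in ua for tok in GOOGLE_CRAWLERS) else "other"
        seen[path][group].add(int(m["status"]))
    # A genuinely missing file returns 404 to everyone; a cloaked one does not.
    return sorted(
        path for path, s in seen.items()
        if s["google"] == {404} and 200 in s["other"]
    )


if __name__ == "__main__":
    print(find_cloaked_php(SAMPLE_LOG))
```

A match is a lead for reviewing the file itself, not proof of compromise, since user-agent strings are client-supplied and some legitimate pages also turn crawlers away.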

How To Identify The Attack

Phishing campaigns can often be easy to detect; however, the better ones may be more difficult to spot. Nonetheless, there are always some means to spot them if users remain vigilant. The researchers have shared some traits of the fake Google reCAPTCHA page through which users may identify the phishing attempt.

“This page does a decent job at replicating the look of Google’s reCAPTCHA, but since it relies on static elements, the images will always be the same unless the malicious PHP file’s coding is changed. It also doesn’t support audio replay, unlike the real version.”

The success of most phishing campaigns depends on the level of trust of the users. Therefore, one should remain extremely cautious while clicking on links shared in emails – particularly from untrusted sources.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]