- Security researchers from Sucuri published a report on an email-based phishing campaign targeting Android and desktop users.
- The phishing emails carry PHP links that lead to landing pages with a fake reCAPTCHA system.
- The trojan in the landing page is detected by most antivirus solutions, and it should not pose a threat to desktop users.
Security researchers from Sucuri have discovered a new phishing campaign targeting a Polish bank and its users. The attackers are using a fake version of Google’s reCAPTCHA system to lure unsuspecting users into giving up personal information. The phishing campaign is being conducted via scam emails that contain malicious .PHP files.
The scam emails contain messages stating that certain transactions need to be verified by users. Anyone who opens the PHP links is taken to a landing page that is protected by a fake version of the reCAPTCHA system. Seeing what looks like Google’s own authentication method on the page can make victims think the landing page is legitimate.
According to Sucuri, the page does a great job of replicating Google’s reCAPTCHA. However, the images shown in the authentication requests are always the same, which can raise suspicion among users who fail to clear the challenge in one go. The fake version also does not support audio replay, which can raise red flags among those who are familiar with the platform.
The trojan is detected by various antivirus software, and the developers did not deploy any complex measures to evade detection. The malware is most commonly seen on Android devices, as it is able to view private data like contacts, location, SMS data, call logs and other sensitive information.
With Google changing how the reCAPTCHA system works, users will become familiar with the new reCAPTCHA 3 system, making the current phishing campaign less likely to work. The upcoming revamped version of the authentication system will require no user input, and Google will use advanced algorithms to authenticate users.