Quote:A recently-discovered phishing scam was found peddling malware, using a new technique to mask its malicious landing page: A fake Google reCAPTCHA system.
The campaign targeted a Polish bank and its users with emails, said researchers with Sucuri. These emails contained a link to a malicious PHP file, which eventually downloaded the BankBot malware onto victims’ systems.
This Android-targeted banking malware, first discovered in 2016, is a remotely controlled Android banking trojan capable of stealing banking details by impersonating bank apps, looking at text messages and displaying unsolicited push notifications. In this specific case, BankBot was scooping up various private data, including SMS and call logs, contacts and location, researchers said.
“During a recent investigation, we discovered a malicious file related to a phishing campaign that targeted a Polish bank,” said Luke Leak with Sucuri, in a Thursday analysis. “This campaign employed both the impersonation and panic/bait techniques within an email in order to lure victims into downloading banking malware.”
SOURCE: https://threatpost.com/phishing-scam-mal...ha/142142/
![[-]](https://www.geeks.fyi/images/collapse.png)
