So far the attack has been directed against a Polish bank: the attackers abuse Google reCAPTCHA and panic-inducing wording to lure victims into clicking malicious links embedded in scam emails.
The objective is the same as in most such campaigns: to steal user credentials. Sucuri researchers found that the campaign relies not only on panic and bait techniques but also on impersonation of the bank in the email, so that the recipient follows the link.
According to Sucuri's blog post, the emails contain a fake confirmation of a recent transaction together with a link that redirects to a malicious PHP file. Bank customers are naturally alarmed when asked to confirm a transaction they never made. Interestingly, the PHP script serves a fake 404 error page to specific user-agents and the phishing page to everyone else.
The filtered user-agents are limited to Google's crawlers, which suggests the attackers only care about hiding the page from Google. Normally attackers use user-agent filtering to block several search engines at once, but that is not the case here.
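The user-agent cloaking described above can be checked from the outside by requesting the same URL under several user-agents and comparing the responses. The following is an added example, not code from Sucuri or from the campaign itself; the `simulated_cloaking_endpoint` function is a constructed stand-in that models only the behaviour the article reports (a 404 for Google crawlers, the phishing page for everyone else), and the crawler markers, probe user-agents and page bodies are assumptions chosen for illustration.

```python
import hashlib
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

# Assumed list of Google crawler substrings the script might look for (constructed).
GOOGLE_CRAWLER_MARKERS = ("googlebot", "google-inspectiontool",
                          "adsbot-google", "mediapartners-google")

# Constructed page bodies standing in for the real phishing page and fake 404.
PHISHING_HTML = "<html><title>Potwierdzenie transakcji</title>login form + reCAPTCHA</html>"
FAKE_404_HTML = "<html><title>404 Not Found</title><h1>Not Found</h1></html>"

# A fetcher takes a user-agent string and returns (HTTP status, response body).
Fetcher = Callable[[str], Tuple[int, str]]


def simulated_cloaking_endpoint(user_agent: str) -> Tuple[int, str]:
    """Constructed model of the reported server-side filter, not the real PHP script."""
    ua = user_agent.lower()
    if any(marker in ua for marker in GOOGLE_CRAWLER_MARKERS):
        return 404, FAKE_404_HTML          # hide the page from Google's crawlers
    return 200, PHISHING_HTML              # everyone else gets the phishing page


def make_http_fetcher(url: str, timeout: float = 10.0) -> Fetcher:
    """Real fetcher for live checks: urllib raises on 4xx/5xx, so catch HTTPError."""
    def fetch(user_agent: str) -> Tuple[int, str]:
        req = urllib.request.Request(url, headers={"User-Agent": user_agent})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode("utf-8", "replace")
    return fetch


# Probe set: a browser, Google's crawler, and a non-Google crawler (constructed UA strings).
PROBE_USER_AGENTS = {
    "browser": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36",
    "googlebot": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "bingbot": "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
}


def probe_cloaking(fetch: Fetcher,
                   user_agents: Dict[str, str] = PROBE_USER_AGENTS) -> Dict[str, Tuple[int, str]]:
    """Request the resource once per user-agent; record the status and a body digest."""
    results: Dict[str, Tuple[int, str]] = {}
    for label, ua in user_agents.items():
        status, body = fetch(ua)
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()[:16]
        results[label] = (status, digest)
    return results


def cloaked_for(results: Dict[str, Tuple[int, str]], baseline: str = "browser") -> list:
    """Labels whose (status, body) differs from the baseline browser response."""
    base = results[baseline]
    return sorted(label for label, r in results.items() if label != baseline and r != base)


if __name__ == "__main__":
    # Offline run against the simulated endpoint; swap in make_http_fetcher(url) for a live check.
    res = probe_cloaking(simulated_cloaking_endpoint)
    print(res)
    print("cloaked for:", cloaked_for(res))
```

Against the simulated endpoint the browser and bingbot probes return the same 200 page while the googlebot probe returns a 404, so `cloaked_for` reports only `googlebot`, which is exactly the asymmetry the article describes. A site that answers identically to every user-agent yields an empty list.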
Website owners and administrators should watch out for this malware: a compromised website that hosts the phishing page can be reported to Google and blacklisted, and may eventually be disabled by the hosting company, which is a serious problem for the site's owner.
Sucuri researchers therefore urge website admins to scan all website files and databases for malware and to delete the files named in abuse complaints. They also suggest updating passwords so that any credentials the attackers already hold stop working.
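When scanning a site's files for this kind of phishing kit, a cheap first pass is to look for PHP files that read the request user-agent, test it for Google crawler names, and emit a 404 response all in the same file. The following is an added example, not Sucuri's scanner or its signatures; the three indicators are heuristics derived from the article's description of the script's behaviour, and the sample files written to a temporary directory are constructed for the demonstration.

```python
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Heuristic indicators (assumptions based on the reported behaviour, not known signatures).
INDICATORS: Dict[str, re.Pattern] = {
    # reads the request user-agent
    "reads_user_agent": re.compile(r"\$_SERVER\s*\[\s*['\"]HTTP_USER_AGENT['\"]\s*\]", re.I),
    # compares it against Google crawler names
    "checks_google_crawler": re.compile(
        r"googlebot|google-inspectiontool|adsbot-google|mediapartners-google", re.I),
    # sends a fake 404 via header() or http_response_code()
    "sends_fake_404": re.compile(
        r"header\s*\(\s*['\"][^'\"]*\b404\b|http_response_code\s*\(\s*404", re.I),
}

PHP_EXTENSIONS = (".php", ".phtml", ".inc")


def scan_php_file(path: str) -> List[str]:
    """Return the sorted names of indicators present in one file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        content = fh.read()
    return sorted(name for name, rx in INDICATORS.items() if rx.search(content))


def scan_tree(root: str) -> List[Tuple[str, List[str]]]:
    """Walk root and report PHP files in which all three indicators co-occur."""
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, fn)
            matched = scan_php_file(path)
            if len(matched) == len(INDICATORS):      # require all indicators, not just one
                hits.append((os.path.relpath(path, root), matched))
    return sorted(hits)


# Constructed sample of a cloaking script modelled on the reported behaviour.
CLOAKING_SAMPLE = """<?php
$ua = $_SERVER['HTTP_USER_AGENT'];
if (stripos($ua, 'Googlebot') !== false) {
    header('HTTP/1.1 404 Not Found');
    echo '<h1>Not Found</h1>';
    exit;
}
include 'login.html';
"""

# Constructed benign file: touches the user-agent but does not cloak.
BENIGN_SAMPLE = """<?php
error_log('visitor: ' . $_SERVER['HTTP_USER_AGENT']);
echo 'hello';
"""


def demo() -> List[Tuple[str, List[str]]]:
    """Write the two samples into a temp tree and scan it; returns the flagged files."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        with open(os.path.join(root, "uploads", "confirm.php"), "w", encoding="utf-8") as fh:
            fh.write(CLOAKING_SAMPLE)
        with open(os.path.join(root, "index.php"), "w", encoding="utf-8") as fh:
            fh.write(BENIGN_SAMPLE)
        return scan_tree(root)


if __name__ == "__main__":
    for rel_path, matched in demo():
        print(f"{rel_path}: {', '.join(matched)}")
```

Requiring all three indicators keeps the noise down: a legitimate page that merely logs the user-agent, as the benign sample does, is not flagged, while the cloaking sample is. In practice the flagged files should be reviewed by hand before deletion, and any file named in an abuse complaint should be checked regardless of whether it matches these heuristics.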