News | 03/04/2019

Hackers Use Google reCAPTCHA for Banking Malware Attack


Hackers Mimic Google reCAPTCHA to Deliver Banking Malware

Cybersecurity researchers have documented a recent phishing campaign targeting online banking users which masquerades as Google in its attempt to steal valuable login credentials.

The attackers allegedly use a fake Google reCAPTCHA to deliver banking malware.

The campaign specifically targeted the customers of a Polish bank, deceiving its users into clicking malicious links embedded in spam emails.

Fake Google reCAPTCHA Used in A New Phishing Attack

The recently discovered malware attack starts off just like any other phishing campaign. Users receive spam emails, allegedly from their bank, informing them about unauthorized transactions.

These emails contain a link to a malicious PHP file, which users are asked to click to verify the non-existent transaction.

However, unlike other phishing attacks where the unsolicited malicious links redirect users to impersonated sites, the links used in this campaign take the users to a fake page showing 404 error.

This fake 404 error page is tied to a list of specific user-agents, which is limited to Google crawlers.


If the request is not Google crawler-related (in other words, if the request comes from any search engine other than Google), then the PHP script loads a fake Google reCAPTCHA that relies on JavaScript and static HTML elements to deploy the malware.
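The user-agent cloaking described above can be checked from the defender's side by comparing what one URL returns to different user-agents. The following is an added example, not code from the campaign or from the researchers; the recorded responses, the `.example` host names and the body patterns used to recognise a 404 or CAPTCHA page are constructed assumptions.

```python
import re
from collections import defaultdict

# Tokens that appear in the user-agent strings of Google's crawlers.
GOOGLE_CRAWLER = re.compile(r"Googlebot|AdsBot-Google|Mediapartners-Google", re.I)
# Assumption: a "fake 404" is a real 404 status or a 200 whose body imitates one.
NOT_FOUND_BODY = re.compile(r"404\s+not\s+found", re.I)
CAPTCHA_HINT = re.compile(r"recaptcha|i'm not a robot", re.I)

def looks_like_404(status, body):
    return status == 404 or bool(NOT_FOUND_BODY.search(body))

def find_cloaked_urls(observations):
    """observations: (url, user_agent, status, body) tuples recorded by a scanner.

    Returns URLs that show a 404 to every Google crawler user-agent but real
    content to at least one other user-agent, with a flag for CAPTCHA markup.
    """
    views = defaultdict(lambda: {"crawler": [], "other": []})
    for url, user_agent, status, body in observations:
        kind = "crawler" if GOOGLE_CRAWLER.search(user_agent) else "other"
        views[url][kind].append((status, body))

    flagged = []
    for url, seen in views.items():
        if not seen["crawler"] or not seen["other"]:
            continue  # both views are needed before a comparison means anything
        hidden = all(looks_like_404(s, b) for s, b in seen["crawler"])
        live = [b for s, b in seen["other"] if not looks_like_404(s, b)]
        if hidden and live:
            flagged.append({
                "url": url,
                "captcha_markup": any(CAPTCHA_HINT.search(b) for b in live),
            })
    return flagged

GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/72.0 Safari/537.36"

# Constructed sample: two URLs, each fetched with a crawler and a browser user-agent.
SAMPLE = [
    ("http://notice.example/check.php", GOOGLEBOT, 200, "<h1>404 Not Found</h1>"),
    ("http://notice.example/check.php", CHROME, 200,
     '<div class="g-recaptcha">I\'m not a robot</div>'),
    ("http://shop.example/gone.php", GOOGLEBOT, 404, "Not Found"),
    ("http://shop.example/gone.php", CHROME, 404, "Not Found"),
]

if __name__ == "__main__":
    print(find_cloaked_urls(SAMPLE))
```

A URL that is genuinely gone returns the same 404 to both user-agents and is not flagged.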

Once the user-agent has been filtered, the malicious PHP script detects the victim’s device via the browser’s user-agent and downloads the appropriate malware to it.

If it identifies an Android device, the code deploys a malicious .apk file; otherwise it passes another request to download a malicious .zip file to the victim’s machine.

Once installed on the device, the malware can then perform any malicious activities, including interference with 2FA through SMS to grab the login credentials.
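The device-dependent delivery described above leaves a recognisable trace in web proxy logs: a request for a `.php` page followed shortly by an `.apk` or `.zip` download from the same host. The following is an added example, not code from the researchers' report; the log format, addresses, host names and the 120-second window are constructed assumptions, and the log is assumed to be sorted by time.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

ANDROID = "Mozilla/5.0 (Linux; Android 8.0.0; Pixel 2) AppleWebKit/537.36 Chrome/72.0 Mobile Safari/537.36"
WINDOWS = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/72.0 Safari/537.36"

# Constructed proxy log, sorted by time: timestamp, client, URL, user-agent (tab-separated).
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("2019-03-04T09:15:02", "10.0.0.21", "http://notice.example/check.php?id=7", ANDROID),
    ("2019-03-04T09:15:20", "10.0.0.21", "http://notice.example/files/update.apk", ANDROID),
    ("2019-03-04T09:20:00", "10.0.0.35", "http://notice.example/check.php?id=9", WINDOWS),
    ("2019-03-04T09:20:11", "10.0.0.35", "http://notice.example/files/doc.zip", WINDOWS),
    ("2019-03-04T09:30:00", "10.0.0.40", "http://intranet.example/index.php", WINDOWS),
    ("2019-03-04T09:30:05", "10.0.0.40", "http://mirror.example/tool.zip", WINDOWS),
    ("2019-03-04T10:00:00", "10.0.0.21", "http://notice.example/files/update.apk", ANDROID),
])

def find_dropper_chains(log_text, window=timedelta(seconds=120)):
    """Return .php landing -> .apk/.zip download chains per client and host."""
    last_landing = {}  # (client, host) -> (time, url) of the most recent .php request
    chains = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, client, url, user_agent = line.split("\t")
        when = datetime.fromisoformat(stamp)
        parts = urlsplit(url)
        path = parts.path.lower()
        key = (client, parts.hostname)
        if path.endswith(".php"):
            last_landing[key] = (when, url)
        elif path.endswith((".apk", ".zip")) and key in last_landing:
            landed_at, landing_url = last_landing[key]
            if when - landed_at <= window:
                # The article describes .apk for Android and .zip for everything else.
                expected = ".apk" if "android" in user_agent.lower() else ".zip"
                chains.append({
                    "client": client,
                    "landing": landing_url,
                    "payload": url,
                    "matches_device": path.endswith(expected),
                })
    return chains

if __name__ == "__main__":
    for chain in find_dropper_chains(SAMPLE_LOG):
        print(chain)
```

A download from a different host, or one that arrives long after the landing request, is not reported.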


How to Identify the Fake Google reCAPTCHA Attack?

Phishing campaigns can often be easy to identify; however, the better ones may seem more difficult to detect. Nonetheless, there are always some ways to spot them if users remain vigilant.

The cybersecurity experts have shared some traits of the fake Google reCAPTCHA page through which users may identify the phishing scam.

When a request goes through the user-agent filter, the PHP script loads a bogus Google reCAPTCHA and determines which malware to put on users’ machines. It loads the fake malicious page by using a combination of JavaScript and HTML elements.

As these elements are static, the images will always be the same unless the malicious PHP file’s coding is changed.

Another way to spot the difference is to play the audio, as the fake page doesn’t support audio replay, unlike the real version.


The success of most phishing attacks depends on the level of trust of the users.

Therefore, one should remain exceptionally cautious while clicking on links shared in emails – particularly from untrusted sources.

Nowadays, hackers have learned to make their malware infections more adaptable, resilient and damaging than ever before, and no silver bullet can defend you against all cyber threats at the same time. So, what do we need?

First, we need to upgrade our cyber defense structures and processes to more effectively guard against cybersecurity risks, as well as to respond in a timely and robust manner to prevent any future attacks.


Tips to Prevent Viruses and Malware from Infecting Your System:
  1. Enable your popup blocker: Pop-ups and ads on websites are the tactic most often adopted by cybercriminals or developers with the core intention of spreading malicious programs.
    So, avoid clicking on uncertain sites, software offers, pop-ups, etc., and install a powerful ad blocker for Chrome, Mozilla, and IE.
  2. Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.
  3. Third-party installation: Try to avoid freeware download websites, as they usually bundle additional software with any installer or stub file.
  4. Regular backup: Regular and periodic backups help you keep your data safe in case the system is infected by any kind of virus or other infection. Thus, always back up important files regularly to a cloud drive or an external hard drive.
  5. Always have an anti-virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good malware removal tool.