Malware Campaign Baits Users Into Bypassing Browser Warnings Using Clever Captcha

Malware campaign that uses a clever captcha to download the Gozi (aka Ursnif) banking trojan has been discovered by the security researcher MalwareHunterTeam. When opening the malicious link, a video about NJ prison is opened, while the file console-play.exe is being downloaded and the site will display a fake reCaptcha image on the screen. Since the file that is being downloaded is a .exe file, Chrome would usually warn users of it, asking whether they want to keep or discard it, which is why fake reCaptcha is used. To bypass this warning, the threat actors are displaying a fake reCaptcha image that prompts the user to press the B, S, Tab, A, F, and the Enter buttons on their keyboard, which causes the browser to choose and confirm the 'Keep' option for the downloaded file. Read more...