Hackers hiding malware behind Captcha

Hackers are hiding malware behind a CAPTCHA to evade email security gateways. The technique also helps attackers make the email appear authentic.

Hackers use various social engineering methods to trick users into trusting them.

A new email campaign, sent from an address at @avis.ne.jp, alerts recipients that they have received a voice message. An attached preview of the message tempts users to listen to the full message.

The email contains a play button that directs users to a page containing a CAPTCHA. This step is meant to bypass automated analysis tools and secure email gateways.

The malicious page asks users to select a Microsoft account to log in. When the victim logs in, all their credentials are captured.

“Both pages are legitimate Microsoft top-level domains, so when checking these against domain reputation databases we receive a false negative and the pages come back as safe,” reads the Cofense report.

Before clicking any link in an email, users should check whether the website is safe.
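The false negative described in the Cofense quote comes from scoring a link by its parent domain alone. The following triage check is an added example, not code from the article or from Cofense; the hosting suffixes, sample links and reputation table are assumptions, since the article does not name the domains involved.

```python
from urllib.parse import urlsplit

# Assumed list for this example: suffixes under which a trusted provider hosts
# customer-controlled content, so the parent domain's reputation says nothing
# about the page itself.
TENANT_SUFFIXES = (
    "blob.core.windows.net",
    "web.core.windows.net",
    "azurewebsites.net",
)

# Constructed sample input: links pulled from an email body, and a stand-in
# for a domain reputation database keyed by parent domain.
SAMPLE_LINKS = [
    "https://voicemail-example.blob.core.windows.net/msg/index.html",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://preview-example.azurewebsites.net/captcha",
]
SAMPLE_REPUTATION = {"blob.core.windows.net": "safe", "azurewebsites.net": "safe"}


def tenant_hosted(url):
    """Return (suffix, tenant_label) if the URL is on shared hosting, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for suffix in TENANT_SUFFIXES:
        if host.endswith("." + suffix):
            # The label directly left of the suffix is chosen by the customer.
            tenant = host[: -len(suffix) - 1].split(".")[-1]
            return suffix, tenant
    return None


def triage(links, reputation):
    """Flag links whose 'safe' verdict is inherited from the hosting provider."""
    findings = []
    for url in links:
        hit = tenant_hosted(url)
        if hit is None:
            continue
        suffix, tenant = hit
        if reputation.get(suffix) == "safe":
            findings.append({"url": url, "tenant": tenant,
                             "reason": "reputation inherited from " + suffix})
    return findings
```

Links flagged this way should be scored on the tenant label and page content rather than passed on the provider's reputation.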