The Zscaler ThreatLabz research team has recently discovered a malware campaign targeting users applying for Thailand travel passes. The end payload of many of these attacks is AsyncRAT, a Remote Access Trojan that can be used to monitor, control, and steal sensitive data from victims' machines. Thailand Pass is an online travel agency that brokers airline tickets to travelers who want to visit Thailand or other foreign countries. Attackers trick victims using a spoof web page that poses as Thailand Pass, ultimately baiting users into downloading AsyncRAT. The Thailand Pass organization has issued an advisory for these malicious campaigns on their official website "tp.consulargoth" as shown below. Figure 1: Advisory by Thailand pass organization. In this blog, our team will provide a deep analysis of the malware campaign that we have observed related to these attacks. The below image shows the complete flow of execution for this malware campaign. Figure 2: Complete a
BankInfoSecurity
Compliance Twitter
Attackers steal login credentials via fake Google reCAPTCHA screens. (Source: Pixabay)
A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zscaler says. The company says it prevented more than 2,500 phishing emails tied to the campaign.
Attack Tactics
The campaign begins with attackers sending victims phishing emails that appear to come from a unified communications system used for streamlining corporate communication. This email contains a malicious email attachment.
Once the victims open the attached HTML file, they are redirected to a .xyz phishing domain which is disguised as a legitimate Google reCAPTCHA page in order to trick the users.