Security News > 2021 > August > Malware campaign uses clever 'captcha' to bypass browser warning
A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif banking trojan.
Yesterday, security researcher MalwareHunterTeam shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women's prison.
When you click on the play button, the browser will download a file named console-play.
While pressing the B, S, A, and F keys do not do anything, pressing the Tab key will make the 'Keep' button become focused, and then pressing the 'Enter' key will act as a click on the button, causing the browser to download and save the file to the computer.
As you can see, this fake captcha prompt is a clever way to trick a user into downloading a malicious file that the browser is warning could be malicious.
Once running, Ursnif will steal account credentials, download further malware to the computer, and execute commands issued remotely by the threat actors.