In the cyber world, being human is something we sometimes have to verify. Visiting websites using Google’s reCAPTCHA to enter is a way to protect those websites from spam and abuse, including from bots. We’ve all checked the “I’m Not a Robot” box to enter certain websites. It gives the websites a sense of legitimacy most of us welcome. Well, hold on…that isn’t the case so much anymore. There’s a new scam out there abusing that little check box, unleashing the BankBot malware onto systems both big and small.
Like too many hacks these days, at the heart of this latest BankBot version are phishing emails. Hackers know that humans are tempted to open emails with subject lines and content having to do with their finances. The subject line is designed to trick users into believing an unauthorized financial transaction–or another problem, happened with their account. Few humans can resist opening that type of email. Opening it leads to a familiar reCAPTCHA page. We enter the numbers and letters displayed and then check that little “I’m not a robot” box. Once that happens, BankBot malware enters a system.
Once BankBot takes over, it displays duplicate websites from major banks, including Citibank and Wells Fargo. BankBot exists to steal your sensitive information, including logins, credit card numbers, and other account details. In addition, this improved BankBot also grabs your contacts, location, texts, and smartphone call history. This also allows BankBot to launch even more spear phishing campaigns–targeted emails using the names and details it has stolen.
BankBot was first discovered in 2016, sneaking itself into apps in Google Play Store, despite Google’s best efforts to remove it. Like most malware, hackers improve and build on what they’ve learned in past hacks. This latest version of BankBot takes their malware to a whole new level by using reCAPTCHA. The one detail BankBot has yet to conquer with reCAPTCHA is the audio option that reads aloud the mix of letters and numbers it asks users to duplicate, and then check the “I’m not a robot” box. Although this latest version of BankBot was discovered attacking banks in Poland, as we’ve seen before, banking malware has no problem growing its attacks worldwide. In a world where being human is a good thing, like most phishing attacks, BankBot takes advantage of humans and the traits making us “not robots