A recently-discovered phishing scam was found peddling malware, using a new technique to mask its malicious landing page: A fake Google reCAPTCHA system.
The campaign targeted a Polish bank and its users with emails, said researchers with Sucuri. These emails contained a link to a malicious PHP file, which eventually downloaded the BankBot malware onto victims’ systems.