A new malware campaign impersonates a fake Google reCAPTCHA to deliver banking malware. Researchers from Sucuri discovered the sophisticated phishing campaign employed with both the impersonation and panic/bait techniques. The malware infection starts with the fake confirmation receipt of the recent transaction that includes a link to the malicious PHP file. The PHP determines which malware to be dropped on the victims machine based on user-agent. Once the malware got installed in the device it starts intercepting 2FA through SMS to grab the login credentials.”]
Source: https://gbhackers.com/malware-fake-google-recaptcha/