Cyber-security analysts are warning of a sophisticated credential-harvesting campaign that combines a deceptive “I’m not a robot” CAPTCHA prompt with a Browser-in-the-Browser (BitB) overlay to mimic Facebook’s login window.
The multi-stage lure is designed to harvest account credentials and session cookies from unsuspecting users.
How the...