A new phishing scam has begun circulating. First discovered in Brazil, Catch-All spreads via a phishing attack telling the recipient that someone has sent them photos through WhatsApp. When the victim clicks on a link to the photos they’re instead prompted to download WhatsApp.exe, which is actually an installer for the Catch-All extension. The installer masquerades as an Adobe Acrobat installer. Once installed the Catch-All is capable of capturing everything you type into the Chrome browser. The captured data is saved to a file and transmitted to a command and control server. Information like usernames, passwords, credit card numbers … anything you type in your browser is at risk.