Tech News

New phishing attack using Morse code

Pinterest LinkedIn Tumblr

A new phishing campaign includes a new obfuscation technique of using Morse code to hide malicious website addresses in an email attachment.

And (Samuel Morse) Samuel Morse and (Alfred Vail) created Morse code as a way to transmit messages through the telegraph, and when used, each letter and number is encoded in the form of a series of dots (short sound) and dashes (long sound).

Starting last week, an attacker started using Morse code in order to hide malicious website addresses in his phishing model to bypass secure mail portals and mail filters.

There have been no indications of Morse code being used in phishing attacks in the past, which makes this a new jamming technique

After this attack is recognized for the first time across Published Within the Reddit platform, security researchers have found several attack samples uploaded via VirusTotal since February 2, 2021.

The phishing attack begins with an email that pretends to be an invoice to the companyThis email includes an HTML attachment labeled in such a way that it looks like the company’s Excel invoice.

When viewing the attachment in a text editor, it appears that it includes JavaScript instructions for assigning letters and numbers to Morse code.

The JavaScript instructions call the decodeMorse () function to decode the string of Morse code into a hexadecimal string.

This hexadecimal string is also decoded in the JavaScript tags that are injected into the HTML page.

These injected scripts along with an HTML attachment contain many of the resources needed to display a fake Excel spreadsheet that shows a login timeout and prompts them to enter the password again.

After the user enters the password, the form sends the password to a remote site where the attacker can collect the login data.

This campaign appears to be highly targeted, with the attacker using the logo.clearbit.com service to insert logos of recipient companies into the login form to make it more compelling. If the logo is not available, it uses the generic Office 365 logo.

Eleven companies have been targeted by this phishing attack, including SGS, Dimensional, Metrohm, SBI (Mauritius), NUOVO IMAIE, Bridgestone, Cargeas, ODDO BHF Asset Management, Dea Capital, Equinti and Capital Four.

Phishing is getting more and more complex as mail portals become better at detecting malicious emails.

As a result, you should pay attention to URLs and attachment names before submitting any information.

Given that phishing e-mail uses dual-extension attachments (xlxs and HTML), it is important to make sure that Windows file extensions are enabled to make it easier to detect suspicious attachments.

Have an article/sponsored post to share? Whatsapp: +2348129656985.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Pin It