A new targeted phishing scam includes a new technique of using Morse code to hide malicious links in an email attachment.
A targeted phishing scam includes a new technique of using Morse code to hide malicious links in an email attachment.
Samuel Morse and Alfred Vail invented Morse code as a method used in telecommunication to encode text characters as standardized sequences of two different signal durations, called dots (short sound) and dashes (long sound).
Last week a threat actor began using Morse code to hide malicious URLs in their phishing form to bypass secure email gateways and mail filters.
The phishing campaign starts with a spam email purportedly containing a payment invoice. The email is attached to an HTM file that is designed to look like an Excel spreadsheet. This time the script in the HTML file is written in Morse code.
The script then calls a decodeMorse() function to decode a Morse code string into a hexadecimal string. This hexadecimal string is further decoded into JavaScript tags. These tags are inserted into the HTML page and displayed on the screen.
When the victim tries to open the file, it launches in an internet browser and displays something resembling Excel, with a pop-up across the screen that asks the victim to submit their password. This password is then sent to a CnC server, where the attackers can collect login credentials.
In many cases, the pop-up contains the logo of the victim’s company to establish credibility.
These injected scripts combined with the HTML attachment contain the various resources necessary to render a fake Excel spreadsheet that states their sign-in timed out and prompts them to enter their password again.
BleepingComputer reported that eleven companies had been targeted, including SGS, Dimensional, Metrohm, SBI (Mauritius) Ltd, NUOVO IMAIE, Cargea, Bridgestone, ODDO BHF Asset Management, Dea Capital, Equinti, and Capital Four.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?