Cyber Attacks

New phishing techniques uses Morse code to hide malicious URLs


A new targeted phishing campaign was discovered by security experts which leverages a new obfuscation technique based on the Morse code to hide malicious URLs in an email attachment and bypass secure mail gateways and mail filters.

The Morse code encodes each letter and number in a series of dots and dashes. This is the first time the threat actors in the wild have used the Morse encoding for the malicious URLs in phishing.

The BleepingComputer researchers found multiple samples involved in this phishing campaign that were uploaded to VirusTotal since early February.

The campaign uses the subject ‘Revenue_payment_invoice February_Wednesday 02/03/2021.’ The HTML attachment appears to be an Excel invoice, the naming convention used is ‘[company_name]_invoice_[number]._xlsx.hTML.’

The HTML code includes a JavaScript that implements the Morse coding/decoding operations.

The script includes both morseCode() and morseDecode() functions to implement the novel phishing technique. The hexadecimal string corresponding to the encoded URL is further decoded into JavaScript tags that are injected into the HTML page.

According to a post published by BleepingComputer, the injected scripts combined with the HTML attachment contain the various resources necessary to render a fake Excel spreadsheet that states their sign-in timed out and prompts them to enter their password again. After giving the password, it will be submitted to a remote site.

The threat actors used the logo.clearbit.comservice to insert logos for the recipient’s companies into the login form. If the logo is not available, it will use a generic Office 365 logo.

It was reported that at least eleven companies were targeted with this novel phishing technique.

Image Credits : BleepingComputer

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Google fixes Chrome zero-day flaw actively exploited in the wild

    Previous article

    Hackers breach and tried to poison Florida town’s water supply

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *