A new targeted phishing campaign was discovered by security experts which leverages a new obfuscation technique based on the Morse code to hide malicious URLs in an email attachment and bypass secure mail gateways and mail filters.
The Morse code encodes each letter and number in a series of dots and dashes. This is the first time the threat actors in the wild have used the Morse encoding for the malicious URLs in phishing.
The BleepingComputer researchers found multiple samples involved in this phishing campaign that were uploaded to VirusTotal since early February.
The campaign uses the subject ‘Revenue_payment_invoice February_Wednesday 02/03/2021.’ The HTML attachment appears to be an Excel invoice, the naming convention used is ‘[company_name]_invoice_[number]._xlsx.hTML.’
According to a post published by BleepingComputer, the injected scripts combined with the HTML attachment contain the various resources necessary to render a fake Excel spreadsheet that states their sign-in timed out and prompts them to enter their password again. After giving the password, it will be submitted to a remote site.
The threat actors used the logo.clearbit.comservice to insert logos for the recipient’s companies into the login form. If the logo is not available, it will use a generic Office 365 logo.
It was reported that at least eleven companies were targeted with this novel phishing technique.
Image Credits : BleepingComputer