Thursday, September 23, 2021

Attackers Using Morse Code in phishing campaign to Evade Detection

Must Read

I made this ‘magic’ iPhone Wi-Fi hack in my bedroom, imagine what others could do: Google researcher

Do not assume there is not somebody out there who is willing and ready to discover the ideal bug...

Near Up to 350,000 Spotify Users Targeted by Credential Stuffers

Security researchers have assisted Spotify handles a potentially considerable credential stuffing campaign after having an unsecured cloud database containing...

Vietnam targeted in a complex supply chain attack

Hackers have inserted malware inside an app offered for download by the Vietnam Government Certification Authority (VGCA).A bunch of...

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.

Microsoft also revealed the workings of a phishing attack group’s techniques that use a ‘jigsaw puzzle’ technique plus unusual features like Morse code dashes and dots to hide its attacks.

In This Social-engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials.

Cybercriminals attempt to change tactics as fast as security and protection technologies do. The group is using invoices in Excel HTML or web documents to distribute forms that capture credentials for later hacking efforts. The technique is notable because it bypasses traditional email filter systems.

Microsoft likened the attachment to a “jigsaw puzzle,” noting that individual parts of the HTML file are designed to appear innocuous and slip past endpoint security software, only to reveal its true colors when these segments are decoded and assembled. The company did not identify the hackers behind the operation.

The main aim of the attack is to acquire usernames and passwords, but it is also collecting profit data such as IP address and location to use for subsequent breach attempts. “This phishing campaign is unique in the lengths attackers take to encode the HTML file to bypass security controls,” Microsoft said.

Opening the attachment launches a browser window that displays a fake Microsoft Office 365 credentials dialog box on top of a blurred Excel document. The dialog box shows a message urging the recipients to sign in again due to reasons that their access to the Excel document has purportedly timed out. In the event the user enters the password, the individual is alerted that the typed password is incorrect, while the malware stealthily harvests the information in the background.

The Morse Code element of the attack is used in conjunction with JavaScript, the most popular programming language for web development.

The campaign is said to have undergone 10 iterations since its discovery in July 2020, with the adversary periodically switching up its encoding methods to mask the malicious nature of the HTML attachment and the different attack segments contained within the file.

This attack comes under the category of business email compromise a highly profitable scam that outsizes the ransomware cybercrime industry.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...

More Articles Like This