
Hackers use Morse Code Phishing attacks to avoid detection
Microsoft has discovered that attackers are using an unusual method to carry out phishing attacks: according to the company, they are relying on Morse code to evade detection.
Since the Morse code tactic is new and effective, the tech giant said that it had spent a year investigating the new invoice-themed XLS.HTML phishing campaign, in which the emails contain an HTML file.
Microsoft also highlighted how the attackers change their encryption tools on a regular basis. This suggests that the mechanism keeps succeeding at evading security detection, which boosts the credential theft operation. The aim is to obtain user IDs and passwords, which serve as a doorway to later infiltration attempts.
According to the Microsoft 365 Defender Threat Intelligence Team's analysis, the phishing campaign typifies recent email threats: it is sophisticated, evasive, and evolving. The team explained that the HTML attachment is divided into several segments, including the JavaScript files used to steal passwords. The attackers have moved from plaintext HTML code to unusual encoding methods such as Morse code so that these segments can be hidden.
Once the attachment is opened, a fake Microsoft Office 365 credentials dialog box appears over a blurred Excel document. The dialog box urges the user to log in again, claiming that their access to the document has timed out. After the attempt, the user is told that the password is incorrect, while the attacker receives the information that was entered.
The campaign has also been observed to have gone through 10 iterations since its inception in July last year, with the attacker changing the encoding methods in an effort to hide the malicious nature of the attachment and the segments contained within the file.
With this, the security researchers note that email-based attacks are using clever mechanisms to bypass security, as in this case. This phishing campaign uses multilayer obfuscation in HTML, which can easily evade browser security solutions.
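
For defenders, the Morse-encoded segments described above can be flagged and decoded before an attachment reaches a user. The following is an added example, not code from Microsoft or from the campaign: the function names, the inner hex layer and the sample attachment are assumptions constructed for illustration.

```python
import re

# International Morse code for a-z and 0-9, in alphabet order.
_CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- "
          ".-. ... - ..- ...- .-- -..- -.-- --.. "
          "----- .---- ..--- ...-- ....- ..... -.... --... ---.. ----.").split()
MORSE = dict(zip(_CODES, "abcdefghijklmnopqrstuvwxyz0123456789"))

# A run of 16+ space-separated dot/dash tokens is very unusual in legitimate HTML.
MORSE_RUN = re.compile(r"(?:[.-]{1,5} ){15,}[.-]{1,5}")
# Markers that make a decoded segment worth an analyst's attention.
SCRIPT_MARKERS = re.compile(r"<script|https?://|\.js\b", re.I)


def decode_morse(run):
    """Decode space-separated Morse tokens; unknown tokens become '?'."""
    return "".join(MORSE.get(tok, "?") for tok in run.split())


def scan_attachment(html):
    """Return one finding per Morse run, peeling an inner hex layer if present."""
    findings = []
    for match in MORSE_RUN.finditer(html):
        decoded, layers = decode_morse(match.group()), ["morse"]
        # Assumed second layer: Morse that decodes to hex pairs hides raw bytes.
        if len(decoded) % 2 == 0 and re.fullmatch(r"[0-9a-f]+", decoded):
            decoded = bytes.fromhex(decoded).decode("utf-8", "replace")
            layers.append("hex")
        findings.append({
            "offset": match.start(),
            "layers": layers,
            "decoded": decoded,
            "suspicious": bool(SCRIPT_MARKERS.search(decoded)),
        })
    return findings


# Constructed sample: a script reference hidden as Morse-over-hex in an attachment.
_TO_MORSE = {char: code for code, char in MORSE.items()}
HIDDEN = '<script src="https://login.example.invalid/x.js"></script>'
SAMPLE_HTML = ('<html><body><script>var m = "'
               + " ".join(_TO_MORSE[c] for c in HIDDEN.encode().hex())
               + '";</script></body></html>')

if __name__ == "__main__":
    for finding in scan_attachment(SAMPLE_HTML):
        print(finding["layers"], finding["suspicious"], finding["decoded"])
```

Because the attackers keep changing the encoding, a check like this works best as one of several decoders applied to HTML attachments rather than as a standalone rule.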