BleepingComputer has identified a new targeted phishing campaign in which emails pretending to be company invoices use Morse code in an attachment to hide malicious URLs and bypass secure mail gateways and mail filters. The HTML attachment includes JavaScript that maps letters and numbers to Morse code.
A decodeMorse function is used to decode a Morse code string into a hexadecimal string, which is further decoded into JavaScript tags that are injected into the HTML page and, combined with the HTML attachment, are able to render a fake Excel spreadsheet. Users are informed that their sign-in timed out and prompted to reenter their password, after which the form submits the password to a remote site where their login credentials are collected by the attackers.
BleepingComputer found 11 companies targeted by the phishing attack and recommended that Windows file extensions be enabled to identify suspicious attachments more easily.
From BleepingComputer
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found