Morse code helps cybercriminals evade detection

Microsoft has released new details on a phishing campaign which employed evolving tactics including the use of Morse code to evade detect...

Microsoft has released new details on a phishing campaign which employed evolving tactics including the use of Morse code to evade detection.

During the year-long investigation carried out by researchers from Microsoft Security Intelligence, the cybercriminals behind the campaign changed obfuscation and encryption mechanisms every 37 days on average to avoid having their operation detected.

The campaign itself used an invoice-themed XLS.HTML attachment divided into several segments including the JavaScript files used to steal passwords which are then encoded using various mechanisms. Over the course of Microsoft's investigation, the attackers went from using plaintext HTML code to using multiple encoding techniques including some older and unusual encryption methods like Morse code to hide these attack segments according to a new blog post.

To avoid detection further, some of the code segments used in the campaign were not even present in the attachment itself and instead resided in a number of open directories.

Fake payment notices

This XLS.HTML phishing campaign uses social engineering to create emails that mimic the look of financial-related business transactions in the form of fake payment notices.

The campaign's primary goal is credential harvesting and while it originally harvested usernames and passwords, in its more recent iteration it has also started collecting other information such as IP addresses and locations which the cybercriminals behind it use as the initial entry point for later infiltration attempts.

Although XLS is used in the attachment file to prompt users to expect an Excel file, when the attachment is opened it launches a browser window instead that takes potential victims to a fake Microsoft Office 365 login page. A dialog on the page prompts users to login again as their access to the Excel document has supposedly timed out. However, if a user does enter their password, they will then receive a fake note saying that the submitted password is incorrect while an attacker-controlled phishing kit running in the background harvests their credentials.

What sets this campaign apart is the fact that cybercriminals behind it went to great lengths to encode the HTML file in such a way to bypass security controls. As always, users should avoid opening emails from unknown senders especially when they require them to login into an online service to access a file or request that they enable macros.

from TechRadar - All the latest technology news https://ift.tt/3AJH5iz



Apps,3855,Business,148,Camera,1154,Earn $$$,1,Gadgets,1739,Games,924,Innovations,1,Mobile,1695,Paid Promotions,3,Promotions,3,Technology,7934,Trailers,795,Travel,36,Trendly News,21691,Video,4,XIAOMI,12,
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Morse code helps cybercriminals evade detection
Morse code helps cybercriminals evade detection
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy