Microsoft's Threat Intelligence team has identified a sophisticated phishing campaign in which the attackers change their obfuscation and encryption techniques every 37 days to evade detection by security controls.
“Some of these code segments are not even present in the attachment itself. Instead, they reside in various open directories and are called by encoded scripts,” reads the blog post.
When opened, the malicious attachment launches a browser window with a fake O365 credential dialog box that collects the user's credentials. Even when the entered password is correct, the user gets an error message saying the submitted password is incorrect. Meanwhile, the entered password is harvested by the threat actors in the background.
Researchers also observed that this malware uses Morse code to stay under the radar.
CyberWorkx news readers can check out the IOCs here.