
Hackers Using Morse Code For Evasive Phishing Campaign.

Microsoft's Threat Intelligence team has identified a sophisticated phishing campaign in which the attackers change their obfuscation and encryption techniques every 37 days to evade detection by security controls.

“This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving. The HTML attachment is divided into several segments, including the JavaScript files used to steal passwords, which are then encoded using various mechanisms. These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments.”

“Some of these code segments are not even present in the attachment itself. Instead, they reside in various open directories and are called by encoded scripts.” reads the blog post.

Screenshot of encoded HTML

Upon opening the attachment, the malicious file launches a browser window with a fake O365 credential dialog box that collects the user's credentials. Even when the entered password is correct, the user gets an error message saying the submitted password is incorrect. Meanwhile, the entered password is harvested by the threat actors in the background.

Screenshot of email
Source: Microsoft

Researchers also observed that this specific malware uses Morse code to stay under the radar.
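
For defenders triaging such attachments, the following added example (not code from Microsoft's post or from this article) finds Morse-encoded runs in an HTML file, decodes them, and flags decoded content that loads a remote script. The hex layer under the Morse, the run-length threshold, the function names and the sample URL are assumptions made for the illustration.

```python
import re

# International Morse code, letters and digits only.
MORSE = {
    ".-": "a", "-...": "b", "-.-.": "c", "-..": "d", ".": "e", "..-.": "f",
    "--.": "g", "....": "h", "..": "i", ".---": "j", "-.-": "k", ".-..": "l",
    "--": "m", "-.": "n", "---": "o", ".--.": "p", "--.-": "q", ".-.": "r",
    "...": "s", "-": "t", "..-": "u", "...-": "v", ".--": "w", "-..-": "x",
    "-.--": "y", "--..": "z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}
# Assumption: a run of 8+ space-separated dot/dash groups is worth decoding.
MORSE_RUN = re.compile(r"(?:[.-]{1,5} ){7,}[.-]{1,5}")

def decode_morse(run):
    """Decode one run; None if any group is not a valid Morse symbol."""
    try:
        return "".join(MORSE[g] for g in run.split())
    except KeyError:
        return None

def unwrap_hex(text):
    """Undo a hex layer under the Morse (assumed here, not stated on the page)."""
    if len(text) % 2 == 0 and re.fullmatch(r"[0-9a-f]+", text):
        try:
            return bytes.fromhex(text).decode("utf-8")
        except UnicodeDecodeError:
            pass
    return text

def scan_attachment(html):
    """Report every Morse run in an HTML attachment with its decoded content."""
    findings = []
    for m in MORSE_RUN.finditer(html):
        decoded = decode_morse(m.group(0))
        if decoded is None:
            continue
        plain = unwrap_hex(decoded)
        remote = bool(re.search(r"<script[^>]+src\s*=", plain, re.I))
        findings.append({"offset": m.start(), "decoded": plain,
                         "loads_remote_script": remote})
    return findings

# Constructed sample: a script tag, hex-encoded, then spelled out in Morse.
_ENC = {v: k for k, v in MORSE.items()}
PAYLOAD = '<script src="https://example.invalid/stage2.js"></script>'
SAMPLE_HTML = '<html><script>var m="%s";</script></html>' % " ".join(
    _ENC[c] for c in PAYLOAD.encode().hex())
```

Calling `scan_attachment(SAMPLE_HTML)` returns one finding whose `decoded` field is the hidden script tag and whose `loads_remote_script` flag is set.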

CyberWorkx news readers can check out the IOCs here.

Source: Microsoft.
