"URL Phishing Campaign Hides Attack Behind Morse Code"
A new URL phishing campaign that uses Morse code was discovered in February 2021. Morse code, invented by Samuel Morse and Alfred Vail in the 19th century, is a communication method that uses dots and dashes to transmit messages. Phishers are now using it to hide malicious URLs in email attachments and circumvent detection. According to Bleeping Computer, the URL phishing attack begins with a user receiving an email that appears to be an invoice. Once the recipient opens the attachment, it loads as an HTML page. The attached file includes JavaScript code that maps letters and numbers to the dots and dashes of Morse code. When the JavaScript code runs, it uses a decodeMorse() function to translate the Morse code into a hexadecimal string. This hexadecimal string is then decoded into JavaScript tags that are injected into the HTML page. The tags create an image of a fake Excel spreadsheet that prompts the recipient to sign in to their Office 365 account. When the user enters their credentials, the login form sends the credentials to a remote site where the attackers can collect them. The attack falls under the umbrella of spear phishing, as it involves sending an email to a specific company. This article continues to discuss the use of Morse code in a new URL phishing campaign, other evasion methods used by phishers, and how organizations can defend themselves against URL phishing attacks.
Security Intelligence reports "URL Phishing Campaign Hides Attack Behind Morse Code"
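
The decoding chain described above (Morse code to hexadecimal string to injected tags) can be reversed statically when triaging a suspicious HTML attachment, without running the attachment's script. The following is an added example, not code from the campaign or from the cited reports; the function names, the whitespace-separated token layout and the sample attachment (pointing at a reserved `.invalid` host) are assumptions constructed for illustration.

```javascript
// Morse code for the hex alphabet only, since the attachment's Morse text
// decodes to a hexadecimal string.
const MORSE_HEX = {
  "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
  ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
  ".-": "a", "-...": "b", "-.-.": "c", "-..": "d", ".": "e", "..-.": "f",
};

// Find runs of at least `minTokens` dot/dash groups separated by whitespace
// (assumed layout; the threshold filters out ellipses and ASCII rulers).
function findMorseRuns(html, minTokens = 16) {
  const runs = html.match(/[.\-]{1,5}(?:\s+[.\-]{1,5})+/g) || [];
  return runs.filter((r) => r.trim().split(/\s+/).length >= minTokens);
}

// Morse -> hex -> text, never evaluating the result. Returns null when the
// run is not a clean, even-length hex string (i.e. a false positive).
function decodeRun(run) {
  const hex = run.trim().split(/\s+/).map((t) => MORSE_HEX[t] || "?").join("");
  if (hex.includes("?") || hex.length % 2 !== 0) return null;
  return Buffer.from(hex, "hex").toString("latin1");
}

// Report each decoded payload with the indicators an analyst checks first.
function triageAttachment(html) {
  return findMorseRuns(html)
    .map(decodeRun)
    .filter((text) => text !== null)
    .map((text) => ({
      text,
      injectsScript: /<script\b/i.test(text),
      urls: text.match(/https?:\/\/[^\s"'<>]+/gi) || [],
    }));
}

// Constructed sample input: an inert payload, encoded with the inverse of the
// table above purely to build a test attachment for the triage functions.
const INVERSE = Object.fromEntries(Object.entries(MORSE_HEX).map(([m, c]) => [c, m]));
const SAMPLE_PAYLOAD = '<script src="https://collector.example.invalid/login.js"></script>';
const SAMPLE_HEX = Buffer.from(SAMPLE_PAYLOAD, "latin1").toString("hex");
const SAMPLE_HTML = `<html><body><script>var m = "${[...SAMPLE_HEX].map((c) => INVERSE[c]).join(" ")}";</script></body></html>`;

console.log(triageAttachment(SAMPLE_HTML));
```

Any extracted URL or script tag can then be checked against mail gateway and proxy logs for other recipients of the same attachment.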