Sign In

Communications of the ACM

ACM TechNews

Phishing Attack Uses Morse Code to Hide Malicious URLs

View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Morse Code Machine

Credit: Getty Images

BleepingComputer has identified a new targeted phishing campaign in which emails pretending to be company invoices use Morse code in an attachment to hide malicious URLs and bypass secure mail gateways and mail filters. The HTML attachment includes JavaScript that maps letters and numbers to Morse code.

A decodeMorse function is used to decode a Morse code string into a hexadecimal string, which is further decoded into JavaScript tags that are injected into the HTML page and, combined with the HTML attachment, are able to render a fake Excel spreadsheet. Users are informed that their sign-in timed out and prompted to reenter their password, after which the form submits the password to a remote site where their login credentials are collected by the attackers.

BleepingComputer found 11 companies targeted by the phishing attack and recommended that Windows file extensions be enabled to identify suspicious attachments more easily.

From BleepingComputer
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found