Security News > 2021 > February > New phishing attack uses Morse code to hide malicious URLs
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.
Samuel Morse and Alfred Vail invented morse code as a way of transmitting messages across telegraph wire.
Starting last week, a threat actor began utilizing Morse code to hide malicious URLs in their phishing form to bypass secure mail gateways and mail filters.
BleepingComputer could not find any references to Morse code being used in phishing attacks in the past, making this a novel obfuscation technique.
When viewing the attachment in a text editor, you can see that they include JavaScript that maps letters and numbers to Morse code.
The script then calls a decodeMorse() function to decode a Morse code string into a hexadecimal string.
News URL
Related news
- Cloudflare outage caused by botched blocking of phishing URL (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)