A new phishing campaign is using an old sort of communication to cover malicious URLs in an email attachment.
Morse Code was a well-liked sort of communication within the 1800s. It uses a code language during which each letter and number is encoded as a series of dots and dashes.
According to a report by online portal BleepingComputer, the threat actor started using Morse last week to bypass mail gateways and filters by hiding malicious URLs.
While instances of such attack within the past couldn’t be found, there have been many samples uploaded to VirusTotal, a free service that analyzes files and URLs for viruses, worms, trojans and other malicious content, since Groundhog Day.
The attack reported through a Reddit post starts with an email containing an HTML attachment that appears sort of a spreadsheet-type invoice.
BleepingComputer explained when viewed during a text editor, one can see that attachment includes JavaScript that maps letters and numbers. Different letters were mapped in separate codes.
The script and HTML attachment work together to make a fake spreadsheet that needs users to sign-in and enters their passwords again. Users are then directed to a site that collects the login credentials.
To make the login form look real, attackers are using logos for the recipient’s companies and Office365. the web portal has identified eleven companies that have fallen prey to the present attack.
