Morse code, invented as a way of transmitting messages across telegraph wire, is being used by cybercriminals to hide malicious URLs within email attachments. This obfuscation technique was discovered last week, and so far there is no record of it being used in phishing attacks before.
Numerous samples of the targeted attack have been uploaded to VirusTotal since the 2nd of February, 2021, BleepingComputer reports. The attack starts with a phishing email, which claims to be an invoice for the victim company. Each email includes an HTML attachment, which when opened begins to decode the Morse code string within it into a hexadecimal string. This is then further decoded into JavaScript tags that are injected into the HTML page. Next, the victim is lead to a fake Excel spreadsheet, asking them to re-enter their password, which is how the threat actors steal login credentials.
Eleven companies have been targeted by this phishing attack. These include SGS, Dimensional, Metrohm, SBI (Mauritius) Ltd, NUOVO IMAIE, Bridgestone, Cargeas, ODDO BHF Asset Management, Dea Capital, Equinti, and Capital Four.
