Morse code, the ultimate password stealing trick
One of the most used techniques to steal passwords is the Phishing. Basically it is an email or message that we supposedly receive from a legitimate source, but when entering the keys, they end up on a server controlled by the attackers. For example, this happens when we receive an e-mail from supposedly our bank asking us to log in to solve a problem. The reality is that it is a scam and that key is going to fall into the wrong hands.
However, these attacks are increasingly being detected. The e-mail providers themselves, the security programs, the users themselves when we see a suspicious link or logo, etc. But of course, hackers are constantly updated to avoid detection and to carry out their attacks.
That’s where the tactic of the Morse code. Microsoft has detected a campaign that is based on an HTML file. The individual parts of that file are designed to appear harmless and not be detected by antivirus. It only reveals its true content when the segments are decoded and assembled together.
HTML attachment
From Microsoft they indicate that this HTML attachment is divided into various segments, including JavaScript files that are used to steal passwords, which are then encrypted using various mechanisms. But the most striking of all is that they use encryption methods, including Morse code. This allows you to hide those segments.
If a user opens that file, a window automatically opens in the browser with a dialog box for sign in to Microsoft 365. Logically it is something false. Once the victim has logged in, the attackers can steal the passwords. They also use malware to collect data in the background. Keep in mind that there are many methods to steal passwords.
They have indicated that these types of attacks in which they use Morse code to avoid being detected by the antivirusThey have seen them in campaigns since February. They warn that attacks through e-mail have increased considerably in recent times, as they represent a significant possibility for hackers.
This makes it essential to maintain security when we are going to open an attachment that we receive by mail or any link that takes us to a web page to log in. Common sense in these cases will be essential, but it is also advisable to have security programs. A good antivirus, such as Windows Defender, Avast or Bitdefender, will help us maintain security and avoid downloading malicious files.
