New phishing scam uses Morse code to conceal malicious links

In a display of bewildering creativity, cybercriminals have started using Morse code to conceal password-stealing malware.

The discovery of this completely novel approach was first detailed on Reddit and has since been verified by Bleeping Computer.

Here's how the attack is conducted: first the hacker sends out an email with an HTML attachment, designed to look like an Excel invoice. Most email security solutions would normally pick up on a document like this, but this time the script in the HTML file is written in Morse code.

Further down, another script calls a decodeMorse() function that decodes the Morse code into a hexadecimal string, and a further script decodes that string into two JavaScript tags. These tags are injected into the HTML page and rendered on screen.
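
For defenders, the decoding chain described above can be replayed statically on an attachment to see what it would inject. The following is an added example, not code from the article or from the attackers' file; it assumes the Morse symbols are space-separated dot/dash tokens, and the function names and sample strings are constructed for illustration.

```javascript
// Added example (not from the article): static check for the
// Morse -> hex -> <script> chain in an HTML attachment.
// Assumption: Morse symbols are '.'/'-' tokens separated by single spaces.

// Morse table limited to the hex alphabet, since the decoded text is a hex string.
const MORSE_HEX = Object.fromEntries(
  ("0----- 1.---- 2..--- 3...-- 4....- 5..... 6-.... 7--... 8---.. 9----. " +
   "a.- b-... c-.-. d-.. e. f..-.")
    .split(" ")
    .map((entry) => [entry.slice(1), entry[0]])
);

// Decode a space-separated Morse run; null if any token is outside the hex alphabet.
function morseToHex(run) {
  const chars = run.trim().split(/\s+/).map((tok) => MORSE_HEX[tok]);
  return chars.includes(undefined) ? null : chars.join("");
}

// Decode a hex string to text; null if it does not consist of whole bytes.
function hexToText(hex) {
  if (hex.length === 0 || hex.length % 2 !== 0) return null;
  return hex.match(/../g).map((b) => String.fromCharCode(parseInt(b, 16))).join("");
}

// Scan attachment source and report every Morse run that decodes to text.
function scanAttachment(html) {
  const findings = [];
  // Require at least 8 consecutive tokens, to skip ellipses and dashes in normal text.
  const runs = html.match(/[.-]{1,5}(?: [.-]{1,5}){7,}/g) || [];
  for (const run of runs) {
    const hex = morseToHex(run);
    const text = hex && hexToText(hex);
    if (text) findings.push({ hex, text, injectsScript: /<script\b/i.test(text) });
  }
  return findings;
}

// Constructed sample: the Morse run decodes to hex 3c7363726970743e, i.e. "<script>".
const SAMPLE_ATTACHMENT = `<html><body><script>
var data = "...-- -.-. --... ...-- -.... ...-- --... ..--- -.... ----. --... ----- --... ....- ...-- .";
</script></body></html>`;

// Constructed benign control: a long Morse run of ordinary letters, which is not hex.
const BENIGN_ATTACHMENT = `<p>Signal: ... --- ... ... --- ... ... --- ...</p>`;

console.log(scanAttachment(SAMPLE_ATTACHMENT));
```

A finding with `injectsScript: true` means the attachment carries markup that only exists after decoding, which is the part a scanner reading the raw file would miss.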

When the victim tries to open the file, it launches in an internet browser and displays something resembling Excel, with a popup across the screen that asks the victim to submit their password. This password is then sent to a command-and-control (CnC) server, where it’s collected by the attackers.

According to Bleeping Computer, the attack is “highly targeted”. In many cases, the pop-up actually contains the logo of the victim's company, to establish credibility.

So far, eleven companies have been targeted, including SGS, Dimensional, Metrohm, SBI (Mauritius) Ltd, NUOVO IMAIE, Bridgestone, Cargeas, ODDO BHF Asset Management, Dea Capital, Equinti, and Capital Four.

Sead Fadilpašić