
New phishing scam uses Morse code to conceal malicious links


In a display of bewildering creativity, cybercriminals have started using Morse code to conceal password-stealing malware.

The discovery of this completely novel approach was first detailed on Reddit and has since been verified by Bleeping Computer.

Here's how the attack is conducted: first the hacker sends out an email with an HTML attachment, designed to look like an Excel invoice. Most email security solutions would normally pick up on a document like this, but this time the script in the HTML file is written in Morse code.

Further down, another script calls a decodeMorse() function that decodes the Morse code into a hexadecimal string, and a further script then decodes that string into two JavaScript tags. These tags are injected into the HTML page and displayed on the screen.
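For defenders, the decoding chain described above (Morse code to hexadecimal string to script tags) can be reversed statically to triage a suspicious HTML attachment without opening it in a browser. The following is an added example, not code from the campaign or from the original reports; it assumes space-separated International Morse for the hex digits 0-9 and a-f, and all function names are hypothetical.

```javascript
// Added example: static triage of an HTML attachment (Node.js).
// Assumption: standard International Morse for 0-9 and a-f, groups separated by whitespace.
const MORSE = {
  '-----': '0', '.----': '1', '..---': '2', '...--': '3', '....-': '4',
  '.....': '5', '-....': '6', '--...': '7', '---..': '8', '----.': '9',
  '.-': 'a', '-...': 'b', '-.-.': 'c', '-..': 'd', '.': 'e', '..-.': 'f',
};

// Find runs of dot/dash groups; short runs are ignored to skip ordinary punctuation.
function findMorseRuns(html, minSymbols = 8) {
  const re = /[.\-]{1,5}(?:\s[.\-]{1,5})+/g;
  return (html.match(re) || []).filter(r => r.trim().split(/\s+/).length >= minSymbols);
}

// Morse -> hex string, or null if any group falls outside the hex alphabet.
function morseToHex(run) {
  const out = [];
  for (const sym of run.trim().split(/\s+/)) {
    if (!(sym in MORSE)) return null;
    out.push(MORSE[sym]);
  }
  return out.join('');
}

// Hex -> text; an odd-length string is not a valid byte sequence.
function hexToText(hex) {
  if (hex.length % 2 !== 0) return null;
  return Buffer.from(hex, 'hex').toString('latin1');
}

// Report every Morse run that decodes cleanly, flagging ones that yield a script tag.
function scanAttachment(html) {
  const findings = [];
  for (const run of findMorseRuns(html)) {
    const hex = morseToHex(run);
    const text = hex && hexToText(hex);
    if (!text) continue;
    findings.push({ hex, text, injectsScript: /<\s*script\b/i.test(text) });
  }
  return findings;
}

// Constructed sample: the Morse run decodes to the hex of the harmless string "<script>".
const SAMPLE = `<html><body><script>
var m = "...-- -.-. --... ...-- -.... ...-- --... ..--- -.... ----. --... ----- --... ....- ...-- .";
</script><p>Invoice total: 1.5 - 2.0</p></body></html>`;

console.log(scanAttachment(SAMPLE));
```

A finding with `injectsScript` set is a strong signal for quarantine, since legitimate invoices have no reason to carry Morse-encoded markup.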

When the victim tries to open the file, it launches in an internet browser and displays something resembling Excel, with a popup across the screen that asks the victim to submit their password. This password is then sent to a CnC server, where it’s collected by the attackers.

According to Bleeping Computer, the attack is “highly targeted”. In many cases, the pop-up actually contains the logo of the victim's company, to establish credibility.

So far, eleven companies have been targeted, including SGS, Dimensional, Metrohm, SBI (Mauritius) Ltd, NUOVO IMAIE, Bridgestone, Cargeas, ODDO BHF Asset Management, Dea Capital, Equinti, and Capital Four.