Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection

Microsoft has disclosed details of an evasive, year-long social engineering campaign in which the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials.

The phishing attacks take the form of invoice-themed lures mimicking financial-related business transactions, with the emails containing an HTML file (“XLS.HTML”). The ultimate goal is to harvest usernames and passwords, which are subsequently used as an initial entry point for later infiltration attempts.

Microsoft likened the attachment to a “jigsaw puzzle,” noting that individual parts of the HTML file are designed to appear innocuous and slip past endpoint security software, only to reveal their true colors when these segments are decoded and assembled together. The company did not identify the hackers behind the operation.

“This phishing campaign exemplifies the present-day email menace: innovative, evasive, and relentlessly evolving,” the Microsoft 365 Defender Threat Intelligence Team said in an analysis. “The HTML attachment is divided into many segments, which include the JavaScript data files employed to steal passwords, which are then encoded making use of different mechanisms. These attackers moved from utilizing plaintext HTML code to using several encoding approaches, like old and unconventional encryption techniques like Morse code, to disguise these assault segments.”
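For defenders triaging HTML attachments, the following added example (not code from Microsoft or from the phishing kit) flags long runs of dot/dash groups, decodes them with the standard International Morse table, and peels one further layer if the result is hex. The run-length threshold, the hex second layer, and the sample attachment are assumptions constructed for illustration.

```python
import re
import string

# International Morse code for a-z and 0-9 (standard table).
_CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- .-. ... - "
          "..- ...- .-- -..- -.-- --.. "
          "----- .---- ..--- ...-- ....- ..... -.... --... ---.. ----.")
MORSE = dict(zip(_CODES.split(), string.ascii_lowercase + string.digits))
ENCODE = {char: code for code, char in MORSE.items()}

# At least 12 space-separated dot/dash groups in a row; shorter runs are
# usually ellipses or ASCII art. The threshold is an assumption to tune.
MORSE_RUN = re.compile(r"(?<![.-])(?:[.-]{1,5} +){11,}[.-]{1,5}(?![.-])")

def encode_morse(text):
    """Encode text as Morse; used here only to build the constructed sample."""
    return " ".join(ENCODE[c] for c in text.lower())

def decode_morse(run):
    """Decode space-separated Morse groups; unknown groups become '?'."""
    return "".join(MORSE.get(tok, "?") for tok in run.split())

def scan_html(html):
    """Return one finding per Morse-looking run, with the decoded layers."""
    findings = []
    for match in MORSE_RUN.finditer(html):
        decoded = decode_morse(match.group(0))
        if decoded.count("?") > len(decoded) // 10:
            continue  # mostly invalid groups, so not Morse
        inner = None
        # Assumed second layer: decoded text that is itself hex-encoded bytes.
        if len(decoded) % 2 == 0 and re.fullmatch(r"[0-9a-f]+", decoded):
            inner = bytes.fromhex(decoded).decode("latin-1")
        findings.append({"offset": match.start(), "decoded": decoded, "inner": inner})
    return findings

# Constructed sample: a harmless tag, hex-encoded, then Morse-encoded.
SAMPLE_TAG = '<script src="example.js"></script>'
SAMPLE_HTML = '<script>var p = "%s";</script>' % encode_morse(SAMPLE_TAG.encode().hex())

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding["offset"], finding["inner"] or finding["decoded"])
```

A hit is a triage signal rather than a verdict: legitimate HTML rarely carries long Morse runs, but the decoded layers should still be reviewed before blocking.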


Opening the attachment launches a browser window that displays a fake Microsoft Office 365 credentials dialog box on top of a blurred Excel document. The dialog box shows a message urging recipients to sign in again because their access to the Excel document has purportedly timed out. If the user enters a password, they are alerted that the typed password is incorrect, while the malware stealthily harvests the information in the background.

The campaign is said to have undergone 10 iterations since its discovery in July 2020, with the adversary periodically switching up its encoding methods to mask the malicious nature of the HTML attachment and the different attack segments contained within the file.

Microsoft said it detected the use of Morse code in the attacks’ February and May 2021 waves, while later variants of the phishing kit were found to direct victims to a legitimate Office 365 page instead of displaying a fake error message once the passwords were entered.

“Email-based assaults continue to make novel tries to bypass email stability answers,” the researchers said. “In the circumstance of this phishing marketing campaign, these tries involve using multilayer obfuscation and encryption mechanisms for recognised existing file varieties, such as JavaScript. Multilayer obfuscation in HTML can likewise evade browser safety remedies.”