In the past, people could avoid phishing attacks by simply not opening DOC or XLS files from unknown senders. However, those days are over, and cybercriminals have come up with a new way to compromise your PC. Perception Point’s Incident Response team recently discovered a new phishing method that uses HTML files to hide malicious scripts.
Cybercriminals have been using HTML pages in phishing emails for some time to get around anti-spam technologies and antivirus software. They typically use HTML files to redirect users to harmful websites, download files, or display phishing forms in the browser. Unfortunately, security software often overlooks e-mailed HTML attachments, making this tactic successful.
Recently, instead of directing victims to fake login pages via links, hackers are encouraging users to download fake login pages. This approach allows the attacker to host the webpage on the user’s device, eliminating the need for a public URL. This tactic enables the attacker to avoid maintaining a phishing page on a compromised website and evade strict HTML constraints imposed on email bodies.
These types of attacks have been prevalent for a while, but Perception Point’s researchers have now discovered a new phishing method designed to evade advanced detection. When security systems scan the HTML attachment, they see a “harmless” Base64-encoded object. However, when decoded, the object reveals an SVG file encoded as a URL. Behind that, a second decoding reveals an obfuscated script intended for credential theft. It is essential to address this flaw in security software to prevent these types of attacks from succeeding.
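A scanner can close this gap by unwrapping each encoding layer before judging the attachment. The following is an added example, not code from Perception Point or the original article; the sample attachment, the 40-character Base64 threshold, the marker list and all function names are constructed assumptions.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote

# Base64 runs long enough to hide markup (the 40-char floor is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Heuristic markers of active content once a layer has been unwrapped.
ACTIVE = re.compile(r"<script\b|javascript:|\bon(?:load|error|click)\s*=", re.I)
MAX_DEPTH = 5  # give up after this many nested layers


def unwrap(text):
    """Return (encoding, payload) pairs hidden one layer below `text`."""
    found = []
    url_decoded = unquote(text)
    if url_decoded != text:
        found.append(("url", url_decoded))
    for run in B64_RUN.findall(text):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            found.append(("base64", raw.decode("utf-8")))
        except (binascii.Error, UnicodeDecodeError):
            continue  # binary data or not Base64 at all
    return found


def scan(html):
    """Return the decoding chains that end in script content hidden in `html`."""
    hits, queue, seen = [], [((), html)], set()
    while queue:
        chain, text = queue.pop()
        if chain and ACTIVE.search(text):  # only flag content that was encoded
            hits.append(chain)
        elif len(chain) < MAX_DEPTH:
            for kind, inner in unwrap(text):
                if inner not in seen:
                    seen.add(inner)
                    queue.append((chain + (kind,), inner))
    return hits


def build_sample():
    """Constructed attachment: HTML -> Base64 -> URL-encoded SVG -> script."""
    svg = ('<svg xmlns="http://www.w3.org/2000/svg">'
           "<script>/* constructed placeholder */</script></svg>")
    layer = base64.b64encode(quote(svg).encode()).decode()
    return f'<html><body><embed src="data:image/svg+xml;base64,{layer}"></body></html>'
```

Calling `scan(build_sample())` returns the chain `("base64", "url")`, showing that the script only becomes visible after both decodings; a scanner that stops at the Base64 object reports nothing.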