Morse code used in phishing attack

Oops I posted the wrong URL above to see the the steps the malware takes . It should have been

https://www.bleepingcomputer.com/ne...ttack-uses-morse-code-to-hide-malicious-urls/

the source Ria mentioned.

 

It’s simple code obfuscation. Nothing really new other than that they happen use a Morse code encoder / decoder rather than as more complex code obfuscator.

The goal is to hide malicious looking bits of JavaScript code from the anti virus software that is scanning it by changing the JavaScript code into something the anti virus cannot directly decipher.

This has been done for decades with various forms of obfuscation.

 

But mostly it's just cats.

 

It looks like the code is off by 1 character.

 

Beam me up, Scotty! This planet sucks . . . . .

 

I completely understand how this could happen. I am setting up a filter to look for CW in web/email pages. That should make this benign.

 

This should be easy enough for most virus scanning applications to incorporate into their defense routines. But in reality this type of code camouflage cold be accomplished with any string of characters and symbols that the malicious code author decides to put together. It wouldn't need to be Morse.

 

Better turn on your vpn!

 

I do not think a ham did it.

 

I finally looked at the code. They info they include in Morse is just hexadecimal strings. Meaning they only use the letters A through F and digits 0 through 9.

They could have shortened their decoder routine by eliminating the codes for Morse letters G through Z, since they never use those letters.

 

D'oh!!!!!

 

They probably just cut and pasted it in toto from somewhere LOL.

 

I am pretty sure it was a script kiddie who just copied the code because they didn't know how to write a better obfuscator.

 

Most people are script kitties these days.