Resourceful Hackers Use Morse Code to Avoid Endpoint Detection

In a recent alert, Microsoft disclosed a quite novel (or archaic – you choose) technique used by a phishing / hacking crew, which relies on Morse code embedded in HTML pages.

While the find is about a phishing attempt and the goal is surely to obfuscate the malicious intention of the emails and attachments so as to evade the endpoint or mail gateway protections in place, the idea is quite interesting.

The campaign used phishing emails that changed obfuscation methods every 37 days, and one of the methods found by Microsoft was a Morse encoder embedded right into an HTML document.

(Actually, the links to the JavaScript payload files were encoded using ASCII and then Morse code in one version; in another iteration of the same malware set, the domain name of the phishing kit URL was encoded in Escape before the entire HTML code was encoded using Morse code.)

Wow, embedded Morse Encoder in html 😮

All other circumstances are the same old, same old: an invoice-themed mail, credential harvesting, etc.

Whoever did this may be new to the phishing trade, but is certainly not new to the encryption / obfuscation / steganography business…
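On the detection side, the layered encoding described above leaves a recognisable trace: a long run of dot-dash tokens inside an HTML attachment. The scanner below is an added example, not code from Microsoft's alert or from the campaign. It assumes single-space token separators, that the "ASCII" layer is a hex string, and a 16-token threshold, and its sample input is a constructed placeholder URL.

```python
import re

# International Morse for a-z and 0-9, keyed by code so runs can be decoded.
_CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- .-. ... - "
          "..- ...- .-- -..- -.-- --.. ----- .---- ..--- ...-- ....- ..... -.... --... ---.. ----.")
DECODE = dict(zip(_CODES.split(), "abcdefghijklmnopqrstuvwxyz0123456789"))

MIN_TOKENS = 16  # assumption: shorter runs are treated as noise (ASCII art, separators)
RUN = re.compile(r"(?:[.-]{1,5} ){%d,}[.-]{1,5}" % (MIN_TOKENS - 1))
SUSPICIOUS = re.compile(r"https?://|<script|\.js\b", re.I)


def decode_morse(run):
    """Decode space-separated Morse tokens; unknown tokens become '?'."""
    return "".join(DECODE.get(tok, "?") for tok in run.split(" "))


def unwrap_hex(text):
    """If the decoded text is a hex string, decode that second layer to ASCII."""
    if len(text) % 2 == 0 and re.fullmatch(r"[0-9a-f]+", text):
        return bytes.fromhex(text).decode("ascii", errors="replace")
    return text


def scan_html(html):
    """Return one finding per Morse-like run found in an HTML attachment."""
    findings = []
    for m in RUN.finditer(html):
        plain = unwrap_hex(decode_morse(m.group()))
        findings.append({"offset": m.start(), "tokens": m.group().count(" ") + 1,
                         "decoded": plain, "suspicious": bool(SUSPICIOUS.search(plain))})
    return findings


# Constructed sample: a placeholder URL, hex-encoded then Morse-encoded, inside a script.
ENCODE = {ch: code for code, ch in DECODE.items()}
_URL = "https://phish.example.invalid/kit.js"
SAMPLE = '<html><script>var p = "%s";</script></html>' % " ".join(
    ENCODE[c] for c in _URL.encode("ascii").hex())

if __name__ == "__main__":
    for f in scan_html(SAMPLE):
        print(f)
```

A long Morse run in an invoice-themed HTML attachment is worth flagging even when the decoded text does not match the `SUSPICIOUS` pattern, since legitimate mail has little reason to carry one.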

About the Author

Counter-AI Collective