Schemes used by Hackers in Phishing that you should know.

I would love to explain two concepts malicious hackers use to steal user credentials: Emotet and CSS invert().

Emotet — Emotet is a kind of malware originally designed as a banking Trojan aimed at stealing financial data, but it has evolved to become a major threat to users everywhere. It can be installed via a malicious script, a macro-enabled document file, or a malicious link.

[Figure. Source: CYFIRMA threat update]

Emotet emails may contain familiar branding designed to look like a legitimate email. Once installed, it sits on the target's computer observing key presses and web pages. When the user visits a specific programmed login page, it automatically activates, starts to capture the user's emails and passwords for that login site, and transmits them in real time to the attacker.

Here is where it gets serious: Emotet ransacks your contacts list and sends itself to your friends, family, coworkers and clients, and sometimes inserts itself into an already active conversation, making it harder to ignore. Since these emails are coming from your hijacked email account, they look less like spam, and the recipients, feeling safe, are more inclined to click bad URLs and download infected files. In a connected network, it tries to brute-force the passwords of that network and infect it.

This virus started in 2014 but just resurfaced again in 2020. If you suspect you’ve already been infected by Emotet, don’t freak out. If your computer is connected to a network — isolate it immediately. Once isolated, proceed to patch and clean the infected system.

To protect yourself, first learn how Emotet works (https://blog.malwarebytes.com/detections/trojan-emotet/). Always keep your system up to date with the latest patches, and avoid downloading suspicious attachments or clicking any shady-looking link. If you must, please scan these links using VirusTotal, set up two-factor authentication (2FA) and use strong passwords.

For more info please click here.

My second story is about Office 365. As you may have noticed, email providers are becoming smarter at detecting phishing links, especially those leading to fake Office 365 login pages. One way they detect these effectively is by using image recognition software to compare the background images of the phishing sites with those of the websites being targeted, such as Office 365, PayPal, Google, Dropbox, LinkedIn, Facebook and the like.

[Figure: original and inverted background image of Office 365]

What attackers are currently using is CSS invert(). Here is how it works: first they take the Office 365 landing page background image and invert its colours.

[Figure: CSS of the inverted background]

After this image is uploaded, it becomes difficult for the image recognition software to detect, because the stored image is now the colour-inverted opposite of what the software is crawling for. These hackers then use a CSS function to invert the image again, and it reverts back to the original image in the victim's browser. Clever, isn't it?
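From the defender's side, the fix is to compare the image as the browser renders it rather than as it is stored. The sketch below is an added example, not code from this article or from any mail provider: the function names and sample data are constructed, images are assumed to be already decoded into flat arrays of 8-bit channel values, and the background and filter are assumed to sit in the same CSS rule.

```javascript
// Find the invert() amount on a CSS rule that also sets a background image.
// Returns a number in [0, 1]; 0 means no inversion applies.
function invertAmountForBackground(cssText) {
  const rules = cssText.match(/\{[^}]*\}/g) || [];
  for (const body of rules) {
    if (!/background(-image)?\s*:[^;]*url\(/i.test(body)) continue;
    const m = body.match(/filter\s*:[^;]*invert\(\s*([\d.]*)(%?)\s*\)/i);
    if (!m) continue;
    if (m[1] === "") return 1; // invert() with no argument means 100%
    const n = parseFloat(m[1]);
    return Math.min(1, m[2] === "%" ? n / 100 : n);
  }
  return 0;
}

// What the browser paints for one 8-bit channel value under invert(amount).
function renderChannel(v, amount) {
  return Math.round(255 * amount + v * (1 - 2 * amount));
}

// Mean absolute difference per channel: 0 = identical, 255 = fully opposite.
function distance(a, b) {
  return a.reduce((sum, v, i) => sum + Math.abs(v - b[i]), 0) / a.length;
}

// Naive check: compares the stored file directly with the brand reference.
function naiveMatch(storedPixels, brandPixels, threshold = 10) {
  return distance(storedPixels, brandPixels) <= threshold;
}

// Normalised check: apply the page's CSS inversion first, then compare.
function renderedMatch(storedPixels, cssText, brandPixels, threshold = 10) {
  const amount = invertAmountForBackground(cssText);
  const rendered = storedPixels.map((v) => renderChannel(v, amount));
  return distance(rendered, brandPixels) <= threshold;
}

// Constructed sample: a 4-pixel RGB "brand background" and its inverted copy.
const BRAND = [10, 40, 90, 20, 60, 120, 200, 210, 230, 15, 45, 95];
const STORED = BRAND.map((v) => 255 - v);
const PAGE_CSS = ".bg { background-image: url('bg.png'); filter: invert(100%); }";

console.log("naive match:", naiveMatch(STORED, BRAND));
console.log("rendered match:", renderedMatch(STORED, PAGE_CSS, BRAND));
```

A rule that pairs a background image with a non-zero invert() is also worth logging on its own, whatever the image comparison returns.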

At this point, I would say that hackers will try anything to gain access, and with the change in work caused by COVID-19, more companies are being forced to work online with little or no preparation. We need to provide more information to people to help them detect and possibly avoid these schemes.

How do we defend against this? For now it's still the simple way of not clicking on any suspicious links and checking all links through VirusTotal.

Please be safe, practice safe practices, and I will post more frequently, exposing more of these processes with examples.

If you would like to support my research at your own free will, please click here to buy me coffee thanks.
