<https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/>
I'm reminded of the recent post suggesting that SA parse QR codes to feed
URLs to block lists.
The email includes a web document pretending to be an Excel document
(double extension .xlsx.hTML) that contains a JavaScript Morse decoder and
a string with the URLs encoded in Morse.
I see two ways to block this: 1) MUAs should ignore code in HTML. 2) A
malware scanner like ClamAV should watch for this kind of stuff.
I'm reminded of the recent post suggesting that SA parse QR codes to feed
URLs to block lists.
The email includes a web document pretending to be an Excel document
(double extension .xlsx.hTML) that contains a JavaScript Morse decoder and
a string with the URLs encoded in Morse.
I see two ways to block this: 1) MUAs should ignore code in HTML. 2) A
malware scanner like ClamAV should watch for this kind of stuff.