How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography


Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they are carried out and learn to detect them.
Quishing, a term that combines “QR” and “phishing,” names a technique that has become a popular weapon for cybercriminals in 2023.
By concealing malicious links within QR codes, attackers can evade traditional spam filters, which are primarily geared towards identifying text-based phishing attempts. Many security tools cannot decipher the content of QR codes at all, which further makes this method a go-to choice for cybercriminals.
Analyzing a QR code with an embedded malicious link in a safe environment is easy with ANY.RUN:
The sandbox will then automatically launch a new task window, allowing you to analyze the URL identified within the QR code.
CAPTCHA is a security solution used on websites to prevent automated bots from creating fake accounts or submitting spam. Attackers have managed to exploit this tool to their advantage.
Attackers are increasingly using CAPTCHAs to mask credential-harvesting forms on fake websites. By generating hundreds of domain names using a Randomized Domain Generated Algorithm (RDGA) and putting Cloudflare’s CAPTCHAs in front of the pages, they can effectively hide these forms from automated security systems, such as web crawlers, which are unable to get past the CAPTCHAs.
The example above shows an attack targeting Halliburton Corporation employees. It first requires the user to pass a CAPTCHA check and then uses a realistic Office 365 private login page that is difficult to distinguish from the real page.
Once the victim enters their login credentials, they are redirected to a legitimate website, while the attackers exfiltrate the credentials to their Command-and-Control server.
Steganography is the practice of hiding data inside different media, such as images, videos, or other files.
A typical phishing attack that employs steganography begins with a carefully crafted email designed to appear legitimate. Embedded within the email is an attachment, often a Word document, accompanied by a link to a file-sharing platform like Dropbox. In the example below, you can see a fake email from a Colombian government organization.
The unsuspecting user who clicks the link inside the document downloads an archive containing a VBS script file. Upon execution, the script retrieves an image file that appears harmless but contains hidden malicious code. Once executed, the malware infects the victim’s system.
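A triage check for downloaded images of this kind, as an added example that is not from the article or from ANY.RUN. The article does not say how the code is hidden in the image, so this assumes two common carriers: bytes appended after the PNG end-of-image chunk, and long base64 text anywhere in the file. The function names, the 200-character threshold and the sample files are constructed for illustration.

```python
import base64
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumed threshold: 200+ consecutive base64 characters never occur by
# chance in compressed pixel data, so a run that long is embedded text.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")

def png_end_offset(blob: bytes) -> int:
    """Walk the chunk list and return the offset just past the IEND chunk."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length          # length + type + data + CRC
        if end > len(blob):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return end
        pos = end
    raise ValueError("no IEND chunk found")

def inspect_png(blob: bytes) -> dict:
    """Report data after IEND and offsets of long base64 runs in the file."""
    trailing = len(blob) - png_end_offset(blob)
    runs = [m.start() for m in B64_RUN.finditer(blob)]
    return {"trailing_bytes": trailing, "base64_runs": runs,
            "suspicious": trailing > 0 or bool(runs)}

def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk (used only to construct the sample files)."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

# Constructed samples: a valid 1x1 grayscale PNG, and the same image with
# harmless base64 text appended to stand in for hidden content.
CLEAN = (PNG_SIG
         + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
         + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
         + _chunk(b"IEND", b""))
CARRIER = CLEAN + base64.b64encode(b"constructed placeholder, not a payload " * 8)

if __name__ == "__main__":
    for name, blob in (("clean.png", CLEAN), ("carrier.png", CARRIER)):
        print(name, inspect_png(blob))
```

A clean result does not rule out pixel-level hiding such as least-significant-bit encoding, which this check does not examine.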
ANY.RUN is a malware analysis sandbox that is capable of detecting a wide range of phishing tactics and letting users examine them in detail.
