Cyberattackers Spoof Google Translate in Unique Phishing Tactic

Published: 23/11/2024   Category: security




The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners and steal credentials.



Attackers are spoofing Google Translate in an ongoing phishing campaign that uses a common JavaScript coding technique to bypass email security scanners. Leveraging trust in Google Translate is a never-before-seen approach, researchers said.
Researchers from Avanan, a Check Point Software Company, uncovered the campaign, which uses the coding technique to obfuscate phishing sites to make them appear legitimate to the end user as well as fool security gateways. The phish also uses social engineering tactics to convince users they need to respond quickly to an email or face having an account closed, according to a blog post published today.
The messages point a user to a link that leads to a credential-harvesting page that appears to be a legitimate Google Translate page, with a pre-populated email field that requires only that a person enter his or her password to log in.
The campaign is an example of the increasingly sophisticated tactics that threat actors are using in contemporary phishing campaigns to fool both savvier end users, who have become familiar with malicious tactics, and email scanners that delete suspicious messages before they get through, noted Jeremy Fuchs, an Avanan cybersecurity researcher and analyst.
"This attack has a little bit of everything," he wrote in the post. "It has unique social engineering at the front end. It leverages a legitimate site to help get into the inbox. It uses trickery and obfuscation to confuse security services."
Researchers observed a Spanish-language email being used in the campaign, which begins — as most phishing messages do — with social engineering.
In this case, hackers make an urgent plea for a user to confirm access to his or her account by informing them that they are missing out on important emails and have only 48 hours in which to review them before they will be deleted.
"That's a compelling message that might get someone to act," Fuchs noted.
Upon taking the bait, the link directs a victim to a login page that is a pretty convincing Google Translate lookalike page, complete with the typical logo on the upper left-hand corner of the page and a drop-down list of languages. Closer inspection shows that the URL has nothing to do with Google Translate, however, the researchers noted.
The code in the background makes it even more apparent that the page is a fake, with the HTML that goes into turning this site into a Google Translate lookalike, Fuchs wrote.
One of the JavaScript commands hackers use here is the unescape function, which is a classic command that helps obfuscate the true meaning of the page, he wrote.
Unescape is a function in JavaScript that computes a new string in which hexadecimal escape sequences are replaced with the characters they represent. The function can be used on a webpage so that the page appears to show one thing but, when decoded, shows a bunch of gibberish that can trick email security, according to a video about the phishing campaign posted by Avanan.
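A defender-side sketch of the point above, added here as an example and not taken from Avanan's post: a static scanner that decodes string literals passed to unescape() and re-inspects the result for a password field. The function names and the sample markup are constructed for illustration.

```javascript
// Added example (defender-side): reveal markup hidden behind unescape() so a
// static scanner inspects what the browser would render, not the encoded source.

// Decode %XX and %uXXXX sequences as legacy unescape() does, without executing anything.
function decodeEscapes(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Collect every string literal passed to unescape(), following nested layers.
function revealHidden(source, maxDepth = 5) {
  const call = /unescape\(\s*(["'])((?:\\.|(?!\1).)*)\1\s*\)/g;
  const layers = [];
  let current = [source];
  for (let depth = 0; depth < maxDepth && current.length; depth++) {
    const next = [];
    for (const text of current) {
      for (const m of text.matchAll(call)) next.push(decodeEscapes(m[2]));
    }
    layers.push(...next);
    current = next;
  }
  return layers;
}

const PASSWORD_FIELD = /<input[^>]*type\s*=\s*["']?password/i;

// Flag pages whose password prompt exists only after decoding.
function scanPage(source) {
  const layers = revealHidden(source);
  return {
    unescapeLayers: layers.length,
    hiddenPasswordField: !PASSWORD_FIELD.test(source) &&
      layers.some((layer) => PASSWORD_FIELD.test(layer)),
  };
}

// Constructed sample: the encoded literal decodes to <input type="password">.
const SAMPLE = '<html><body><script>document.write(unescape(' +
  '"%3C%69%6E%70%75%74%20%74%79%70%65%3D%22%70%61%73%73%77%6F%72%64%22%3E"' +
  '));</script></body></html>';

console.log(scanPage(SAMPLE));
```

A page that shows its password field in plain markup is not flagged; the signal here is specifically a credential prompt that appears only after the escape sequences are decoded.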
"This attack requires vigilance on the part of the end user, and advanced natural language processing on the part of the security service to stop," Fuchs noted in the post.
Indeed, as Internet users already are familiar with common tactics that threat actors use to fool them into giving up credentials to phishing pages, actors increasingly are pivoting to new tactics or combining common ones in different ways to help ensure the success of their cybercriminal activity, the researchers said.
Attackers recently have been seen using everything from voice-themed messages to spoofed PayPal invoices to leveraging the ongoing war in Ukraine to get unwitting email users to take phishing bait.
Even with the ramp-up in sophistication, however, the usual precautions that all Internet users and security professionals alike should take to avoid giving up their credentials to phishers still apply — not only in the case of the Google Translate campaign but across the board, according to Avanan.
Researchers recommend that people always hover over URLs found in messages before clicking on them to ensure the destination is legitimate, as well as pay closer attention to grammar, spelling, and factual inconsistencies within an email before trusting it.
And as always, users also should put basic common sense into play when dealing with emails from unknown entities, researchers said. If they ever have doubts about where they're coming from or their intentions, they should just ask the original sender to be sure before taking further actions.
