Cybercriminals have discovered a new way to conceal malicious code inside phishing attacks by using invisible Unicode characters. This technique, identified by Juniper Threat Labs, has been actively used in attacks targeting affiliates of a U.S. political action committee (PAC). By making their scripts appear as blank space, hackers can evade detection from traditional security tools and increase the likelihood of successfully compromising victims.
The attack, first observed in early January 2025, is more advanced than typical phishing campaigns. Hackers customized their messages using personal, non-public details about their targets, making the emails seem more legitimate. They also implemented various tricks to avoid detection, such as inserting debugger breakpoints and using timing checks to prevent cybersecurity professionals from analyzing the script.
Additionally, they wrapped phishing links inside multiple layers of Postmark tracking links, making it harder to trace the final destination of the attack.
The method itself isn’t entirely new. In October 2024, JavaScript developer Martin Kleppe introduced the idea as an experimental programming technique. However, cybercriminals quickly adapted it for phishing attacks.
The trick works by converting each character in a JavaScript script into an 8-bit binary format. Instead of using visible numbers like ones and zeros, attackers replace them with invisible Hangul Unicode ch
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: