Phishing websites use "custom fonts" to evade security checks
Dazzle Yi, 2019-01-15
Reportedly, a new phishing web page technique has been appearing on the Internet since the middle of 2018. It uses custom web fonts so that the phishing page shows users what looks like normal text, while the source code actually contains only seemingly random characters, which lets the page evade security checks.
The technique was discovered in a phishing kit, which uses it to obfuscate the source code of forged pages. The source code contains a specially encoded form of the displayed text: copying the plaintext shown on the web page and pasting it into a text file produces the encoded text.
In addition, the phishing attackers use only two fonts, "woff" and "woff2", which are hidden by Base64 encoding. When the phishing page loads, it uses these custom web font files to make the browser present the ciphertext as plaintext.
The main problem is that even when security personnel look at the source code of such a phishing page, they find only a large amount of meaningless text, which makes it difficult to quickly understand what the page is for; users who open the page in a browser, however, see a normal-looking but fake login page.
Although there are many techniques for obfuscating web page source code, this custom font technique is unique and the first of its kind.
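
A triage heuristic for the pattern described above, as an added example (not code from the phishing kit or the original report): it flags a page that embeds a Base64 WOFF/WOFF2 font inline while the text in its source does not read as English. The common-word list, the thresholds, the substitution alphabet and the sample pages are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# CSS url(data:...;base64,...) carrying an inline WOFF/WOFF2 font.
FONT_URI = re.compile(r"url\(\s*['\"]?data:(?:application/(?:x-)?font-woff2?"
                      r"|font/woff2?)[^,]*;base64,([A-Za-z0-9+/=]+)", re.I)
# Frequent English words (assumption: the page is expected to be in English).
COMMON = set("the to and of your you in is for with sign log password "
             "email account please enter on a".split())

class _Text(HTMLParser):
    """Collects source text nodes, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.skip, self.parts = 0, []
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        self.skip = max(0, self.skip - (tag in ("script", "style")))
    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)

def source_words(html):
    parser = _Text()
    parser.feed(html)
    return re.findall(r"[a-z]+", " ".join(parser.parts).lower())

def common_word_ratio(html):
    words = source_words(html)
    return sum(w in COMMON for w in words) / len(words) if words else 0.0

def looks_font_obfuscated(html, min_words=8, max_ratio=0.15):
    """Inline base64 font AND source text that does not read as English."""
    return (FONT_URI.search(html) is not None
            and len(source_words(html)) >= min_words
            and common_word_ratio(html) <= max_ratio)

# Constructed samples: a fixed letter substitution and placeholder font bytes.
PLAIN = "please sign in to your account enter your email and password to continue"
CIPHER = PLAIN.translate(str.maketrans("abcdefghijklmnopqrstuvwxyz",
                                       "qwertyuiopasdfghjklzxcvbnm"))
FONT_CSS = "@font-face{font-family:x;src:url(data:application/font-woff2;base64,%s)}" \
           % base64.b64encode(b"wOF2" + bytes(64)).decode()

def page(body, css=""):
    return "<html><head><style>%s</style></head><body><p>%s</p></body></html>" % (css, body)
```

Neither signal is sufficient alone: legitimate pages inline fonts, and non-English pages score low on the word list, so a hit is a reason to render the page in a sandbox and compare the displayed text with the source.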