
Phishing websites use "custom fonts" to evade security checks

Dazzle Yi 2019-01-15 Industry trends 952

Reportedly, a new phishing page technique has been in use on the Internet since the middle of 2018. It relies on custom web fonts: the user sees a phishing page with normal-looking text, but the source code actually contains seemingly random, garbled characters, which lets the page evade security checks.

The technique was discovered in a phishing toolkit that uses it to obfuscate the source code of forged pages. The source code contains specially encoded display text; copying the text shown on the page and pasting it into a text file produces the encoded text.

In addition, the phishing attackers use only two fonts, "woff" and "woff2", which are hidden with Base64 encoding. After logging in, this kind of phishing page uses the custom web font files to make the browser render the ciphertext as plaintext.

The big problem this creates is that even when security personnel look at the source code of the phishing page, they find only a large amount of meaningless code, which makes it difficult to quickly understand what the page is for. When a user opens the page in a browser, what they see is a normal-looking but fake login page.

Although there are many web source code obfuscation techniques on the Internet, this custom font technique is unique and the first example of its kind.
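One way a defender could triage pages for the two signals described above, as an added example that is not taken from the toolkit or the original report: a Base64-embedded WOFF/WOFF2 font (identified by its magic bytes) combined with source text that is not readable. The word list, thresholds, function names and sample page are assumptions made for illustration, and the readability check assumes English-language pages.

```python
import base64
import re
from html.parser import HTMLParser

# Magic bytes that open WOFF and WOFF2 font files.
FONT_MAGIC = {b"wOFF": "woff", b"wOF2": "woff2"}
DATA_URI = re.compile(r"url\(\s*['\"]?data:[^;,)]*;base64,([A-Za-z0-9+/=]+)", re.I)
# Assumption: words that normally appear in the source of an English login page.
COMMON = {"the", "to", "your", "and", "in", "sign", "log", "password", "email",
          "account", "please", "enter", "user", "username", "for", "of", "with"}
# Constructed sample: header bytes only (not a real font) and made-up gibberish text.
FAKE_FONT = base64.b64encode(b"wOFF" + bytes(12)).decode()
SAMPLE = ("<style>@font-face{font-family:x;src:url(data:application/font-woff;base64,"
          + FAKE_FONT + ")}</style><p>Qkxv rr mn wzhg Xpqlzrt Vwwmjrb. Lrbsl nx Qvvzkwt.</p>")

class _Text(HTMLParser):
    """Collects words from text nodes outside <style> and <script>."""
    def __init__(self):
        super().__init__()
        self.skip, self.words = 0, []
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("style", "script")
    def handle_endtag(self, tag):
        self.skip = max(0, self.skip - (tag in ("style", "script")))
    def handle_data(self, data):
        if not self.skip:
            self.words += re.findall(r"[A-Za-z]{2,}", data.lower())

def embedded_fonts(html):
    """Return the formats of Base64 data-URI fonts, identified by magic bytes."""
    found = []
    for blob in DATA_URI.findall(html):
        try:
            head = base64.b64decode(blob[:8])[:4]  # 8 chars decode to 6 bytes
        except ValueError:
            continue  # too short or not valid Base64
        if head in FONT_MAGIC:
            found.append(FONT_MAGIC[head])
    return found

def looks_font_obfuscated(html, min_words=8, max_common_ratio=0.05):
    """Flag a page that embeds a WOFF/WOFF2 font and has unreadable source text."""
    parser = _Text()
    parser.feed(html)
    parser.close()
    if not embedded_fonts(html) or len(parser.words) < min_words:
        return False
    common = sum(w in COMMON for w in parser.words)
    return common / len(parser.words) <= max_common_ratio
```

A hit is a triage signal, not a verdict: legitimate non-English pages that embed fonts can match, so a flagged page should be rendered in an isolated browser and compared with its source text.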

Comment list


In the crawler industry, font obfuscation is still quite common. Unexpectedly, it has been applied to the phishing industry.


