Phishing websites use "custom fonts" to evade security checks
Reports say that a new phishing web page technique has been seen on the Internet since mid-2018. It uses a custom web font to present phishing pages to users as normal-looking text, while the actual page source contains only scrambled, meaningless characters, so that security checks based on the source are evaded.
The technique was found in a phishing toolkit that uses a new approach to obfuscating the source of the forged page. The source contains specially encoded display text: copying the visible plaintext from the rendered page and pasting it into a text editor produces the encoded text, not what was displayed.
In addition, the attackers use only two font formats, WOFF and WOFF2, and hide the font files by embedding them in the page as Base64. When the page loads, the browser uses the custom web font file to render the ciphertext in the source as plaintext on screen.
The problem this creates is that even when security staff inspect the source of the phishing page, they find only large amounts of meaningless text, which makes it hard to quickly tell what the page is for; the user who opens it in a browser, however, sees a normal-looking but fake login page.
Although many web source code obfuscation techniques exist, this use of custom fonts is novel and the first observed example of its kind.