
Phishing websites use "custom fonts" to evade security checks

Dazzle Yi | 2019-01-15 | Industry trends

It is reported that a new phishing web page technique has been appearing on the Internet since the middle of 2018. It uses custom web fonts so that users see a phishing page with normal-looking text, while the source code actually contains only garbled, seemingly random characters, which lets the page evade security checks.

The technique was discovered in a phishing toolkit that uses it to obfuscate the source code of forged pages. The source code contains specially encoded display text; copying the plaintext shown on the web page and pasting it into a text file produces the encoded text.


In addition, the phishing attackers use only two fonts, "woff" and "woff2", and hide them with Base64 encoding. After logging in, this kind of phishing page uses the custom web font file to make the browser render the ciphertext as plaintext.



A major problem is that even when security personnel look at the source code of the phishing page, they find only a lot of meaningless code, which makes it difficult to quickly understand what the page is for. Users who open it in a browser, however, see a normal-looking but fake login page.

Although there are many web source code obfuscation techniques on the Internet, this custom-font technique is unique and the first example of its kind.
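A triage heuristic for the pattern described above, as an added example that is not part of the original article or of any toolkit it mentions: it flags a page that has a password field, carries an inline Base64 "woff"/"woff2" font, and shows no readable login wording in its source text. The function names, the `LOGIN_WORDS` list and both sample pages are assumptions constructed for illustration.

```python
import base64, binascii, re
from html.parser import HTMLParser

FONT_MAGIC = {b"wOFF": "woff", b"wOF2": "woff2"}  # WOFF / WOFF2 file signatures
DATA_URI = re.compile(r"url\(\s*['\"]?data:[^;,]*;base64,([A-Za-z0-9+/=\s]+)['\"]?\s*\)")
LOGIN_WORDS = {"sign", "login", "log", "password", "email", "username", "account"}  # assumed list

class PageScan(HTMLParser):
    """Collects the words in text nodes and notes whether a password field exists."""
    def __init__(self):
        super().__init__()
        self.hidden, self.words, self.has_password = 0, [], False
    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self.hidden += 1
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password = True
    def handle_endtag(self, tag):
        if tag in ("style", "script") and self.hidden:
            self.hidden -= 1
    def handle_data(self, data):
        if not self.hidden:
            self.words += re.findall(r"[a-z]+", data.lower())

def embedded_fonts(html):
    """Formats of Base64 data-URI fonts, confirmed by their decoded magic bytes."""
    found = []
    for b64 in DATA_URI.findall(html):
        try:
            head = base64.b64decode("".join(b64.split()))[:4]
        except binascii.Error:
            continue  # not valid Base64, so not an embedded font
        if head in FONT_MAGIC:
            found.append(FONT_MAGIC[head])
    return found

def looks_font_obfuscated(html):
    """True if a password form ships an inline web font but no readable login text."""
    scan = PageScan()
    scan.feed(html)
    readable = any(w in LOGIN_WORDS for w in scan.words)
    return bool(embedded_fonts(html)) and scan.has_password and bool(scan.words) and not readable

# Constructed samples: the "font" is only a WOFF signature plus padding, not a real font.
FONT_B64 = base64.b64encode(b"wOFF" + bytes(20)).decode()
FONT_CSS = "<style>@font-face{font-family:x;src:url(data:application/font-woff;base64,%s)}</style>" % FONT_B64
SUSPECT = FONT_CSS + "<body style='font-family:x'><p>Hxzv xv ql tjfk bnnqfvl</p><input type='password'></body>"
BENIGN = FONT_CSS + "<body><p>Sign in to your account</p><input type='password'></body>"
```

A hit is only a reason to render the page in an isolated browser and compare the displayed text with the source; legitimate sites also inline fonts, which is why the check requires all three signals together.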


Comment list

 chinapython
Two years ago (2019-01-19)

In the crawler industry, font obfuscation is still quite common. Unexpectedly, it has now been applied to the phishing industry.
