Cyberattackers spoof Google Translate in a unique phishing tactic

Attackers are spoofing Google Translate as part of an ongoing phishing campaign that uses a common JavaScript coding technique to bypass email security scanners. Leveraging trust in Google Translate is a novel approach, the researchers said.

Researchers from Avanan, a Check Point Software company, uncovered the campaign, which uses the coding technique to obfuscate phishing sites so that they appear legitimate to the end user and also trick security gateways. The phishing messages also use social engineering tactics to convince users that they need to respond quickly to an email or face account termination, according to a blog post published today.

The messages point the user to a link that leads to a credential collection page made to look like a legitimate Google Translate page, with a pre-populated email field so that the person only has to enter their login password.

The campaign is an example of the increasingly sophisticated tactics that threat actors use in contemporary phishing campaigns to fool both savvier end users who have become familiar with malicious tactics and email scanners that delete suspicious messages before they get through, noted Jeremy Fuchs, cybersecurity researcher and analyst at Avanan.

“This attack has a bit of everything,” he wrote in the post. “It has unique social engineering up front. It relies on a legitimate site to help get into the inbox. It uses trickery and obfuscation to confuse security services.”

“Urgent plea”

Researchers observed a Spanish-language email used in the campaign, which, like most phishing messages, begins with social engineering.

In this case, hackers make an “urgent call” to a user to confirm access to their account by informing them that important emails are missing and they only have 48 hours to review them before they are deleted.

“It’s a compelling message that could get someone to take action,” Fuchs noted.

If the victim takes the bait, the link leads to a login page that is a “pretty convincing” Google Translate lookalike, complete with the typical logo in the upper left corner of the page and a drop-down list of languages. Closer inspection shows that the URL has nothing to do with Google Translate, however, the researchers noted.

The background code makes it even more obvious that the page is a fake, with the “HTML turning this site into a Google Translate lookalike”, Fuchs wrote.

One of the JavaScript commands hackers use here is the “unescape function”, which is “a classic command that helps hide the true meaning of the page,” he wrote.

Unescape is a JavaScript function that computes a new string in which hexadecimal escape sequences are replaced with the characters they represent. The feature can be used on a web page to make the page appear to be displayed as one thing, but when decoded it displays a “heap of gibberish” that can trick email security, according to a video on the phishing campaign published by Avanan.
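A scanner that matches only on the raw HTML never sees markup hidden behind unescape. The sketch below is an added example, not code from Avanan or from the campaign: it statically decodes string literals passed to unescape and checks the decoded result for a password field. The function names, the heuristic and the sample page are constructed for illustration.

```javascript
// Decode %XX and %uXXXX sequences the way legacy unescape() does,
// without calling unescape() or executing any script from the page.
function decodeLegacyEscapes(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Collect every unescape('...') call that takes a string literal and decode it.
// Repeats up to maxDepth times because encoded payloads can be nested.
function revealHiddenMarkup(html, maxDepth = 3) {
  const call = /unescape\(\s*(['"])((?:(?!\1)[^\\])*)\1\s*\)/g;
  const layers = [];
  let current = html;
  for (let depth = 0; depth < maxDepth; depth++) {
    const decoded = [...current.matchAll(call)].map(m => decodeLegacyEscapes(m[2]));
    if (decoded.length === 0) break;
    current = decoded.join('\n');
    layers.push(current);
  }
  return layers;
}

// Heuristic (an assumption of this example): a password field that exists
// only after decoding is a strong signal of a concealed credential form.
function assess(html) {
  const passwordField = /<input[^>]+type=["']?password/i;
  const layers = revealHiddenMarkup(html);
  return {
    layers: layers.length,
    hiddenPasswordField: !passwordField.test(html) && layers.some(l => passwordField.test(l)),
  };
}

// Constructed sample: the encoded literal is "<input type=password>".
const samplePage =
  '<html><body><script>document.write(unescape(' +
  "'%3c%69%6e%70%75%74%20%74%79%70%65%3d%70%61%73%73%77%6f%72%64%3e'" +
  '));</script></body></html>';

console.log(assess(samplePage)); // { layers: 1, hiddenPasswordField: true }
```

Run with Node.js; a page that shows its password field in plain HTML and makes no unescape call returns zero layers and no flag.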

“This attack requires vigilance from the end user and advanced natural language processing from the security service to stop,” Fuchs noted in the post.

Phishers look to success

Indeed, as Internet users are already familiar with the common tactics that threat actors use to trick them into giving credentials to phishing pages, actors are increasingly turning to new tactics or combining common tactics in different ways to ensure the success of their cybercriminal activity, the researchers said.

Attackers have recently been seen using everything from voicemails to falsified PayPal invoices to the ongoing war in Ukraine to lure unwitting email users into taking phishing bait.

Even with the rise in sophistication, however, the usual precautions that all Internet users and security professionals should take to avoid giving their credentials to phishers still apply – not just in the case of the Google Translate campaign but in all areas, according to Avanan.

Researchers recommend that users always hover over URLs found in messages before clicking on them to ensure the destination is legitimate, and pay close attention to grammar, spelling, and factual inconsistencies in an email before trusting it.

And as always, users should also use common sense when dealing with emails from unknown entities, the researchers said. If they have any doubts about their origin or their intentions, they should simply ask the original sender to be sure before taking further action.
