Light Dark
April 9, 2019 By David Bisson 2 min read

In a recent phishing campaign, fraudsters used a legitimate browser extension tool called SingleFile to obfuscate their attacks and remain undetected.

According to Trend Micro, the malicious mail campaign started on Feb. 27 and utilized SingleFile, a web extension for Google Chrome and Mozilla Firefox that allows users to save webpages as single HTML files. As such, SingleFile is designed to help streamline the process by which users can archive webpages.

Threat actors abused SingleFile’s legitimate functionality, however, by copying the login pages of legitimate webpages, such as those of the payment processing website Stripe. Though simple, this spoofing method enabled the attackers to generate almost an identical copy of the legitimate website’s login mechanism, which they could then use to phish for users’ credentials. This attack technique came with an added bonus in that it hid the login form’s HTML code as well as the JavaScript used by the legitimate login page from detection by static security tools.

Attackers’ Growing Abuse of Legitimate Tools

As noted by Symantec, threat actors are increasingly living off the land in that they’re using tools already installed on a computer and running simple scripts or shellcode directly into memory as part of their campaigns. As with the use of SingleFile identified above, these tactics help attackers evade detection.

Fraudsters are also now obtaining digital certificates to add a sense of legitimacy to their phishing pages. According to Krebs on Security, just under half (49 percent) of phishing sites now come with the green padlock in the address bar, an icon that is indicative of a secure web connection.

How to Defend Against SingleFile Phishing Campaigns

Security professionals can help defend their organizations against a phishing campaign by using ahead-of-threat detection to filter out potentially malicious domains based on WHOIS information and other intelligence feeds. Security teams should also develop an ongoing security awareness program and customize training to the unique needs of the organization.

 |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

May 3, 2024

What we can learn from the best collegiate cyber defenders

3 min read - This year marked the 19th season of the National Collegiate Cyber Defense Competition (NCCDC). For those unfamiliar, CCDC is a competition that puts student teams in charge of managing IT for a fictitious company as the network is undergoing a fundamental transformation. This year the challenge involved a common scenario: a merger. Ten finalist teams were tasked with managing IT infrastructure during this migrational period and, as an added bonus, the networks were simultaneously attacked by a group of red…

May 2, 2024

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

May 1, 2024

New proposed federal data privacy law suggests big changes

3 min read - After years of work and unsuccessful attempts at legislation, a draft of a federal data privacy law was recently released. The United States House Committee on Energy and Commerce released the American Privacy Rights Act on April 7, 2024. Several issues stood in the way of passing legislation in the past, such as whether states could issue tougher rules and if individuals could sue companies for privacy violations. With the American Privacy Rights Act of 2024, the U.S. government established…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature