April 9, 2019 By David Bisson 2 min read

In a recent phishing campaign, fraudsters used a legitimate browser extension tool called SingleFile to obfuscate their attacks and remain undetected.

According to Trend Micro, the malicious mail campaign started on Feb. 27 and utilized SingleFile, a web extension for Google Chrome and Mozilla Firefox that allows users to save webpages as single HTML files. As such, SingleFile is designed to help streamline the process by which users can archive webpages.

Threat actors abused SingleFile’s legitimate functionality, however, by copying the login pages of legitimate webpages, such as those of the payment processing website Stripe. Though simple, this spoofing method enabled the attackers to generate almost an identical copy of the legitimate website’s login mechanism, which they could then use to phish for users’ credentials. This attack technique came with an added bonus in that it hid the login form’s HTML code as well as the JavaScript used by the legitimate login page from detection by static security tools.

Attackers’ Growing Abuse of Legitimate Tools

As noted by Symantec, threat actors are increasingly living off the land in that they’re using tools already installed on a computer and running simple scripts or shellcode directly into memory as part of their campaigns. As with the use of SingleFile identified above, these tactics help attackers evade detection.

Fraudsters are also now obtaining digital certificates to add a sense of legitimacy to their phishing pages. According to Krebs on Security, just under half (49 percent) of phishing sites now come with the green padlock in the address bar, an icon that is indicative of a secure web connection.

How to Defend Against SingleFile Phishing Campaigns

Security professionals can help defend their organizations against a phishing campaign by using ahead-of-threat detection to filter out potentially malicious domains based on WHOIS information and other intelligence feeds. Security teams should also develop an ongoing security awareness program and customize training to the unique needs of the organization.

More from

How cyber criminals are compromising AI software supply chains

3 min read - With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to be a hacktivist organization motivated by an anti-AI cause, specifically targets these resources to poison data sets used in AI model training.No matter whether you use…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Getting “in tune” with an enterprise: Detecting Intune lateral movement

13 min read - Organizations continue to implement cloud-based services, a shift that has led to the wider adoption of hybrid identity environments that connect on-premises Active Directory with Microsoft Entra ID (formerly Azure AD). To manage devices in these hybrid identity environments, Microsoft Intune (Intune) has emerged as one of the most popular device management solutions. Since this trusted enterprise platform can easily be integrated with on-premises Active Directory devices and services, it is a prime target for attackers to abuse for conducting…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today