JavaScript -based redirect attack is serious because it can force your browser (mobile or desktop) to go to another website without your consent or even your knowledge. The concern is that your browser can be sent to malicious websites. This attack injections or manipulated the Javascript code on a legitimate web page. Before you find out, the browser (or even your desktop computer) on your phone makes you a victim of phishing scam, spyware, kalgis (recording of your strokes) and triggers.
The goal is to get the password you use, which will allow the attackers to access your banking and financial apps. JavaScript -based redirect attacks are being delivered through scaleable vector graphics (SVG) files. They are mostly considered to be harmless image files, but they can embed the script elements with design to redirect mobile and desktop browsers to dangerous websites. Redirect destinations are determined by the attackers.
Examples of fishing credentials with the name of the company modified by the invaders. | Image credit
According to Auntie, emails use weak or ineffective email verification domains. This allows the attackers to open potential victims to open the email they send to make excuses that they have been sent by a trusted brand or a person. The e -mail includes “a call to action” that tries to open the image file to the victim or to preview it on a mobile or desktop browser. Once the image is presented, the SVG embedded the Java script quietly. Javascript is enforced and then the browser is directed without a user’s interaction.
“This technique shows how opponents are turning from the process of implementation and smuggling (HTML and now SVG) techniques. The script logic is embedded in image formats and using reliable browser functions, attacking the attacker chains on traditional behaviors or symbols. Distribution of Payloads through.
The campaign stands for the use of local redirection from the browser without the user’s interaction or external download. It eliminates the difference between traditional phishing and complete malware delivery, which makes it stealthily and efficient. “
-Thantenio
Keep an eye on emails that are straightforward about seeing a photo file you immediately. If an email looks like it has been sent from a company with which you do business, find spelling mistakes or call the company using a phone number that you get online. You cannot rely on all business numbers from Google as some are expelled from the crowd and are open to manipulation by bad actors.
Read the latest from Alan Fredman
