SingleFile Used as a Veil in New Phishing Attacks

Cybercriminals are now using legit browser extension tool as a veil to avert deductions in their new phishing schemes. SingleFile is a widely used browser extension tool for Google Chrome and Mozilla Firefox, and some cyber attackers are now using it in their latest phishing campaigns, as an obfuscation method to avoid detection.

Trend Micro researchers expressed that, the cybercriminals are using SingleFiles to copy the login pages of legitimate pages, which in turn can later be used to steal users’ credentials.There are other kinds of obfuscation methods like 'document.write(unescape(' which uses JavaScript, this particular method helps the attackers to hide the login form HTML code and JavaScript used by the original login page from static detection tools.

There are some methods to stay safe, and here are some of the ways to minimize the threat of attacks of this kind:Avoid clicking on unusual URL that carries the company or brand’s name. Instead, visit the site of these brand directly by typing the address in the address bar.

Some threat actors create URLs that look similar to the URL of an official website. Therefore, users must cross-check whether the website they are visiting is legitimate or not.Users should avoid clicking on any links or downloading files that are received via email unless they are absolutely sure about the sender.