Cybercriminals have been found using the legitimate browser extension tool SingleFile as a part of their latest phishing campaign. The web extension is used as the obfuscation method to avoid detection.
What is SingleFile - SingleFiles is an extension available for Google Chrome and Mozilla Firefox. It allows users to save a webpage as a single HTML file. The extension streamlines the process of saving web pages, required files and all, on a single HTML document.
How is it exploited by attackers - According to Trend Micro researchers, the cybercriminals are using SingleFiles to copy the login pages of legitimate pages, which in turn can later to used to steal users’ credentials.
Citing the effectiveness of using SingleFile as an attack tool, researchers said, “unlike other obfuscation methods such as 'document.write(unescape(' which uses JavaScript, the generated phishing page hides the login form HTML code and the JavaScript used by the original login page from static detection tools.”
How to stay safe - Given the way the threat actors can exploit SingleFile for malicious purpose, it is very necessary to minimize the threat of this attack. This includes:
Publisher