Kobold Letters: HTML-based Email Phishing Attacks
Musi waKurume 31st 2024, Luta Security yakaburitsa chinyorwa chinovhenekera pachinhu chitsva chakasimba. phishing vector, Kobold Letters. Kusiyana nekuedza kwechinyakare phishing, uko kunovimba nekutumira meseji inonyengera kukwezva vanobatwa kuti vaburitse pachena. ruzivo, musiyano uyu unoshandisa HTML's flexible yekumisikidza zvakavanzwa mukati meemail. Akadaidzwa kuti "mavara emarasha" nenyanzvi dzekuchengetedza, aya mameseji akavanzika anoshandisa iyo Document Object Model (DOM) kuti vazviratidze ivo pachavo zvichienderana nenzvimbo yavo mukati meiyo email chimiro.
Nepo pfungwa yekuvanza zvakavanzika mukati meemail inogona kutanga ichiita seisina mhosva kana hungwaru, chokwadi chakanyanya kuipa. Vatambi vane hutsinye vanogona kushandisa zano iri kuti vanzvere kuona uye kugovera mitoro inokuvadza. Nekumisikidza zvakashata mukati meiyo email muviri, kunyanya izvo zvinobatika pakutumira, vapari vemhosva vanogona kunzvenga matanho ekuchengetedza, nekudaro vachiwedzera njodzi yekuparadzira malware kana kuita zvirongwa zvekubiridzira.
Zvikuru, kusagadzikana uku kunokanganisa vatengi veemail vane mukurumbira vakaita seMozilla Thunderbird, Outlook paWebhu, uye Gmail. Kunyangwe zvakapararira, Thunderbird chete ndiyo yakatora matanho ekugadzirisa dambudziko iri nekufunga chigamba chiri kuuya. Kusiyana neizvi, Microsoft neGoogle havasati vapa zvirongwa zvekugadzirisa kusagadzikana uku, zvichisiya vashandisi vari munjodzi yekubiridzirwa.
Nepo email ichiramba iri dombo repakona rekutaurirana kwemazuva ano, kusagadzikana uku kunoratidza kukosha kwemaemail akasimba ekuchengetedza matanho. Kuwedzera kusvinurira uye nhanho dzekuita dzakakosha kudzikamisa njodzi dzekusandura email kutyisidzira. Pamusoro pezvo, kusimudzira tsika yekugoverana mutoro uye kuita basa rekuita kuburikidza nekubatana uye kuita pamwe chete chinhu chakakosha mukusimbisa dziviriro.
