Hackers are using the dreaded “zero font” tactic in phishing emails, creating a false sense of legitimacy for malicious messages, researchers say.
As the name suggests, zero font is a tactic in which attackers set a font size of 0 on part of an email's text, making it invisible to the human eye while software, and more importantly antivirus and email security software, can still read it. Threat actors exploit this difference to confuse email security solutions and ensure that malicious emails end up in the inbox instead of the spam folder.
In this particular case, however, the trick is aimed not only at the software but also at the reader. That is the observation of SANS ISC analyst Jan Kopriva, who examined an example of such a malicious email. When a victim receives a message in the Outlook client, there are three places to read it: the message list, usually on the left; the preview pane, usually on the right; and a separate window that opens after double-clicking the message in the list.
By using a zero-size font, the attackers can insert text that shows up in the message list but not in the email body itself. In this case they used “Scanned and Protected by Isc®Advanced Threat Protection (APT),” to trick the recipient into thinking the email had already been scanned by a security product and found clean.
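As an added illustration of the defensive side, not code from the article, from SANS ISC or from BleepingComputer: a small scanner, written here in Python with only the standard library, that pulls out any text an HTML email hides with a zero font size, so a mail filter or an analyst can see what the reader cannot. It goes slightly beyond the article by also flagging inline font sizes below 1px, since the same trick works with tiny sizes; the sample message, the 1px threshold and the ZeroFontScanner name are assumptions made for this example.

```python
"""Surface text that a zero-size font hides in an HTML email.

Added example for this article, not code from SANS ISC or BleepingComputer.
It walks an HTML email body, tracks which elements carry an inline
font-size of zero (or, by assumption, below 1px), and separates the text
those elements hide from the text the reader actually sees. The sample
message below is constructed for the demonstration.
"""
import re
from html.parser import HTMLParser

# Inline font-size declarations such as "font-size:0", "font-size: 0px",
# "font-size:0.5pt". The value is compared numerically, so "0%" counts too.
FONT_SIZE_RE = re.compile(
    r"font-size\s*:\s*([0-9]*\.?[0-9]+)\s*(px|pt|em|rem|%)?", re.IGNORECASE
)

# Elements that never have a closing tag; they must not push onto the stack.
VOID_ELEMENTS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
                 "link", "meta", "param", "source", "track", "wbr"}


def font_size_px(style):
    """Return the font size declared in an inline style, in CSS pixels.

    Returns None when no numeric font-size is declared. Unit conversion
    assumes a 16px base font for em/rem/% (a common browser default).
    """
    match = FONT_SIZE_RE.search(style or "")
    if not match:
        return None
    value = float(match.group(1))
    unit = (match.group(2) or "px").lower()
    per_unit = {"px": 1.0, "pt": 96 / 72, "em": 16.0, "rem": 16.0, "%": 0.16}
    return value * per_unit[unit]


class ZeroFontScanner(HTMLParser):
    """Best-effort, non-validating scan: nested elements inherit hiding."""

    def __init__(self, threshold_px=1.0):
        super().__init__()
        self.threshold_px = threshold_px
        self._hidden_stack = []   # one bool per open element: does it hide text?
        self._skip_depth = 0      # inside <style>/<script>, which are never shown
        self.hidden_text = []
        self.visible_text = []

    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self._skip_depth += 1
        if tag in VOID_ELEMENTS:
            return
        size = font_size_px(dict(attrs).get("style"))
        self._hidden_stack.append(size is not None and size < self.threshold_px)

    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._skip_depth:
            self._skip_depth -= 1
        if tag not in VOID_ELEMENTS and self._hidden_stack:
            self._hidden_stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())   # collapse whitespace like a renderer does
        if not text or self._skip_depth:
            return
        if any(self._hidden_stack):
            self.hidden_text.append(text)
        else:
            self.visible_text.append(text)


def scan_email_html(html, threshold_px=1.0):
    """Return the hidden and visible text runs plus a verdict for a mail filter."""
    scanner = ZeroFontScanner(threshold_px)
    scanner.feed(html)
    scanner.close()
    return {
        "hidden": scanner.hidden_text,
        "visible": scanner.visible_text,
        "suspicious": bool(scanner.hidden_text),
    }


# Constructed sample: the reassuring line is invisible in the body but shows
# up in clients that build the message-list preview from the raw text.
SAMPLE_EMAIL_HTML = """<html><body>
<p><span style="font-size:0px">Scanned and Protected by Isc&reg;Advanced Threat Protection (APT)</span>
Hello,</p>
<p>We have an exciting job opportunity for you. Please see the attached description.</p>
<p>Regards,<br>Recruiting Team</p>
</body></html>"""

if __name__ == "__main__":
    verdict = scan_email_html(SAMPLE_EMAIL_HTML)
    for line in verdict["hidden"]:
        print("hidden from reader:", line)
    print("suspicious:", verdict["suspicious"])
```

A filter built on this would quarantine or tag a message whose hidden text contains security-sounding phrases, or simply attach the hidden runs to the alert so an analyst sees the bait the recipient could not. Because the scan works on inline styles only, text hidden through a stylesheet class or through a matching foreground and background colour would need a separate check.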
That could cause recipients to drop their guard and click links or open attachments that come with the email. This particular campaign offered recipients a new job opportunity, a lure we have seen Project Lazarus use in the past.
In his article, Kopriva warned that Outlook is not the only email client that displays content in the message list regardless of font size.
Via BleepingComputer