Cybercriminals are using the Japanese hiragana character "ん" to make malicious URLs look like legitimate Booking.com addresses, taking advantage of its resemblance to certain Latin characters in some fonts. These phishing emails contain links that appear genuine but actually redirect victims to a fake domain, which then delivers malware via an MSI installer. This tactic is an example of a homoglyph attack, where similar-looking characters from different alphabets are used to deceive users.
A similar scheme was spotted targeting Intuit customers, where attackers replaced the lowercase "i" with an "L" in domains to trick recipients. Both campaigns highlight the dangers of relying solely on visual inspection of URLs, especially on mobile devices. Security experts recommend always checking the actual domain name, hovering over links before clicking, and keeping endpoint protection software updated to prevent infections.
Read more...