Phishing Emails Hide Malware Triggers in Subject Lines
Cybercriminals are using a new method to bypass email security systems by embedding invisible characters in subject lines through MIME encoding. These phishing emails hide malware and credential theft schemes by leveraging Unicode soft hyphens to split key terms so that automated filters do not detect them. The attack disguises malicious intent while maintaining a clean appearance in the inbox preview.
Researchers from the Internet Storm Center identified the technique after spotting subject lines that appeared incomplete or garbled until opened. These phishing emails hide malware by encoding subject lines in Base64 with UTF-8 characters, where soft hyphens fragment keywords like “password” at the code level.
Attackers direct recipients to compromised websites hosting fake webmail login portals. The invisible characters also appear in message bodies to evade content scanning engines. The technique highlights a growing trend in evasion-focused social engineering.
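As a defensive illustration of the subject-line encoding described above, the following added example (not code from the original article or from the Internet Storm Center) decodes a MIME encoded-word subject, lists the invisible format characters in it, and reports keywords that match only once those characters are stripped. The keyword list and the sample header are assumptions constructed for this example.

```python
import base64
import unicodedata
from email.header import decode_header, make_header

# Hypothetical watchlist; a real filter would use its own lure vocabulary.
KEYWORDS = ("password", "expire", "verify")

def decode_subject(raw_header):
    """Decode RFC 2047 encoded-words (=?charset?B?...?=) into a Unicode string."""
    return str(make_header(decode_header(raw_header)))

def invisible_chars(text):
    """List (index, code point) for every Unicode format (Cf) character,
    the category that contains the soft hyphen U+00AD."""
    return [(i, f"U+{ord(c):04X}") for i, c in enumerate(text)
            if unicodedata.category(c) == "Cf"]

def strip_invisible(text):
    """Remove format characters so keyword matching sees what the reader sees."""
    return "".join(c for c in text if unicodedata.category(c) != "Cf")

def analyze_subject(raw_header):
    decoded = decode_subject(raw_header)
    normalized = strip_invisible(decoded)
    # Cf characters also occur in legitimate mail (emoji joiners, bidi marks),
    # so the stronger signal is a keyword that matches only after stripping.
    split = [k for k in KEYWORDS
             if k in normalized.lower() and k not in decoded.lower()]
    return {"decoded": decoded, "normalized": normalized,
            "hidden": invisible_chars(decoded), "split_keywords": split}

def make_sample():
    """Constructed sample header, not taken from a real message."""
    text = "Your pass\u00adword is about to ex\u00adpire"
    b64 = base64.b64encode(text.encode("utf-8")).decode("ascii")
    return f"=?UTF-8?B?{b64}?="

if __name__ == "__main__":
    report = analyze_subject(make_sample())
    print(report["normalized"], report["hidden"], report["split_keywords"])
```

The same `strip_invisible` normalization can be applied to message body text before content scanning.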
To see the decoded samples and technical details, read the full article at:
New Phishing Attack Using Invisible Characters Hidden in Subject Line Using MIME Encoding
