- Flashpoint warns that cybercriminals use emojis to evade detection
- Emojis replace scam and financial keywords to bypass filters
- Symbols such as 💳, 🔑, 🤖 signal cards, credentials and malware
Just like everyone else nowadays, cybercriminals also use emojis. But not only do they use them to make their messages fun or exciting, they also use them to hide their communication in plain sight and evade the scrutiny of security analysts.
This is according to a new report from threat intelligence experts, Flashpoint. Released earlier this week, Flashpoint says threat actors can replace emojis with keywords associated with fraud techniques, financial activity, as well as specific platforms or services.
“For example, replacing “credit card” with 💳 or “bank” with 🏦 may help bypass basic keyword filters or reduce visibility in automated moderation systems,” the report states. “When combined with jargon, abbreviations and multilingual phrases, this creates a form of confusion that complicates large-scale monitoring efforts.”
Article continues below.
In other words, security professionals who scour the dark web for news about breaches and new malware services should also start adding emojis to the list of monitored keywords.
Numerous categories
Flashpoint has divided the emojis used by criminals into a few categories, such as financial activity, access credentials and compromise, tools, automations and services, objectives and geography, and urgency, success and status.
Some emojis, such as 💰 and 💸, can indicate winnings, successful fraud, or payments, while 🪙 can suggest cryptocurrency-related activity.
These emojis, 🔑 or 🔓, relate to credentials and account access, as well as successful breaches and unlocked accounts. For Tools, Automation, and Services, emojis like 🤖, ⚙️, or 🧰 describe malware, configurations, toolkits, and included services.
The full list of analyzed emojis can be found here.
Flashpoint also says that there is another practical side to using emojis and that is being able to communicate properly across regions and languages. Not everyone in the cybercriminal community speaks English (properly), and being able to inform everyone about certain activity, quickly, definitely helps.
All we’ll add to that is – 🤮
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
