- Flashpoint warns cybercriminals use emojis to evade detection
- Emojis replace fraud and financial keywords to bypass filters
- Symbols like 💳, 🔑, 🤖 signal cards, credentials, and malware
Just as everyone else these days, cybercriminals use emojis, too. But they’re not just using them to make their messages fun or exciting, they’re also using them to hide their communication in plain sight and evade security analysts’ scrutiny.
This is according to a new report from threat intelligence experts, Flashpoint. Published earlier this week, Flashpoint says threat actors may substitute emojis for keywords associated with fraud techniques, financial activity, as well as specific platforms or services.
“For example, replacing “credit card” with 💳 or “bank” with 🏦 can help bypass basic keyword filters or reduce visibility in automated moderation systems,” the report states. “When combined with slang, abbreviations, and multilingual phrasing, this creates a layered form of obfuscation that complicates large-scale monitoring efforts.”
Article continues below
In other words, security professionals scouring the dark web for news of breaches and new malware services need to start adding emojis to the list of monitored keywords, too.
Numerous categories
Flashpoint has split the emojis crooks use into a few categories, such as Financial Activity, Access Credentials and Compromise, Tools, Automations, and Services, Targets and Geography, and Urgency, Success, and Status.
Some emojis, such as 💰 and 💸 can signal profit, successful fraud, or payouts, while 🪙 can suggest cryptocurrency-related activity.
These emojis – 🔑, or 🔓, relate to credentials and account access, as well as successful breaches and unlocked accounts. For Tools, Automation, and Services, emojis like 🤖, ⚙️, or 🧰 describe malware, settings, toolkits and bundled services.
The full list of analyzed emojis can be found here.
Flashpoint also says that there is another practical side to using emojis and that is – being able to communicate properly across regions and languages. Not everyone in the cybercriminal community speaks (proper) English, and being able to inform everyone about certain activity – quickly – most definitely helps.
All we’ll add to that is – 🤮
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must be logged in to post a comment Login