Homoglyphs are characters that resemble each other, such as the letter “O” and the digit zero (“0”), the Latin letter “H” and the Cyrillic letter “Н,” or the uppercase letter “I” and the lowercase letter “l” (L), which look identical in a sans serif font (like Calibri).
In a homoglyph attack (also sometimes called a homograph attack), the threat actor uses homoglyphs to spoof a URL or obfuscate code. For example, the attacker might create a fake URL that spoofs a legitimate URL, like “InternationalBank.com,” by switching out the sans serif uppercase letter “I” for the sans serif lowercase letter “l” (L). Or the threat actor might use homoglyphs in malware code to hide nefarious intent, inserting them into code strings that look normal to the naked eye but instruct the malware to do something different from what the code appears to do, such as making an “if” statement always true or redirecting the user to a malicious domain.
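A defensive check for the URL spoofing described above, as an added example that is not part of the original page: it decodes punycode labels, folds a hostname to a look-alike "skeleton," and compares it with a protected domain. The allow-list, the short confusables table and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed allow-list; the domain is the page's own example.
PROTECTED = ["internationalbank.com"]

# Hand-picked look-alikes covering the page's examples (O/0, I/l, Latin and
# Cyrillic H) plus a few common Cyrillic letters. Assumption: a production
# check would load the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {
    "0": "o", "1": "l", "I": "l", "i": "l",
    "\u041d": "H",  # CYRILLIC CAPITAL LETTER EN
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0456": "i",
}

def decode_host(host):
    """Return the Unicode form of a hostname, decoding xn-- (punycode) labels."""
    labels = []
    for label in host.rstrip(".").split("."):
        if label.lower().startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def skeleton(text):
    """Fold look-alike characters to one representative, ignoring case."""
    out = []
    for ch in unicodedata.normalize("NFKC", text):
        ch = CONFUSABLES.get(ch, ch).lower()
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def scripts(label):
    """Set of scripts used by the letters of one label, e.g. {'LATIN'}."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def check_host(host):
    """Classify a hostname: 'protected', 'lookalike', 'mixed-script' or 'ok'."""
    uni = decode_host(host)
    if uni.lower() in PROTECTED:
        return ("protected", uni.lower())
    for real in PROTECTED:
        if skeleton(uni) == skeleton(real):
            return ("lookalike", real)
    if any(len(scripts(label)) > 1 for label in uni.split(".")):
        return ("mixed-script", None)
    return ("ok", None)
```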