Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. The firm has detailed four recent HTML smuggling campaigns attempting to lure users into saving and opening malicious payloads, impersonating well-known brands such as Adobe Acrobat, Google Drive, and the US Postal Service to increase the chances of users falling victim.
HTML smuggling uses HTML5 attributes that can work offline by storing a binary in an immutable blob of data (or embedded payload) within JavaScript code, which is decoded into a file object when opened via a web browser. It is not a new attack method, but it has grown in popularity since Microsoft started blocking macros in documents from the internet by default, Trustwave SpiderLabs wrote. The four malware strains that have recently been detected using HTML smuggling in their infection chain are Cobalt Strike, Qakbot, IcedID, and Xworm RAT, the firm added.
More Stories
Another Chrome Vulnerability
Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability...
UK Insurance and NCSC Join Forces to Fight Ransomware Payments
UK insurers and the National Cybersecurity Centre release new guidance to discourage ransomware payments by businesses Read More
Black Basta ransomware group’s techniques evolve, as FBI issues new warning in wake of hospital attack
Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake...
How DDR Can Bolster Your Security Posture
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of...
Hackers Use DNS Tunneling to Scan and Track Victims
Palo Alto Networks warns threat actors are using DNS tunneling techniques to probe for network vulnerabilities Read More
FCC Names and Shames First Robocall Threat Actor
In a first, the FCC has designated “Royal Tiger” as a malicious robocall threat group Read More