Microsoft warns of surge in HTML smuggling phishing attacks


Level 37
Thread author
Top poster
Feb 4, 2016
Microsoft has seen a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans (RAT).

While HTML smuggling is not a new technique, Microsoft is seeing it increasingly used by threat actors to evade detection, including the Nobelium hacking group behind the SolarWinds attacks.

How HTML smuggling works

HTML smuggling is a technique used in phishing campaigns that use HTML5 and JavaScript to hide malicious payloads in encoded strings in an HTML attachment or webpage. These strings are then decoded by a browser when a user opens the attachment or clicks a link.
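A defender-side illustration of the mechanism described above, as an added example that is not part of the original post or of Microsoft's report: a static scanner that flags HTML files whose inline script decodes an embedded string and hands it to the browser as a file. The indicator set, the thresholds, the names `scan_html` and `ScriptCollector`, and both sample documents are assumptions constructed for this example.

```python
import base64
import re
from html.parser import HTMLParser

# Assumed indicator set: browser APIs that turn an in-page string into a saved file.
INDICATORS = {
    "decode": re.compile(r"\batob\s*\("),
    "blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\(|\bmsSave(?:OrOpen)?Blob\s*\("),
    "download": re.compile(r"\.download\s*=|setAttribute\(\s*['\"]download['\"]"),
}
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{64,}={0,2})['\"]")
MAGIC = {b"MZ": "PE executable", b"PK\x03\x04": "ZIP archive", b"\xd0\xcf\x11\xe0": "OLE document"}

class ScriptCollector(HTMLParser):
    """Collects inline <script> bodies and counts <a download> links."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts, self.download_links = False, [], 0
    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        if tag == "a" and any(name == "download" for name, _ in attrs):
            self.download_links += 1
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def scan_html(html):
    """Return smuggling indicators and embedded file types found in one HTML document."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    js = "\n".join(parser.scripts)
    hits = {name for name, rx in INDICATORS.items() if rx.search(js)}
    if parser.download_links:
        hits.add("download")
    embedded = []
    for literal in B64_LITERAL.findall(js):
        head = base64.b64decode(literal[:16])  # first 12 decoded bytes hold the file signature
        embedded += [label for magic, label in MAGIC.items() if head.startswith(magic)]
    suspicious = bool(embedded) or {"blob", "object_url"} <= hits or {"decode", "download"} <= hits
    return {"indicators": sorted(hits), "embedded": embedded, "suspicious": suspicious}

# Constructed samples: a harmless ZIP header padded with zero bytes, and a benign page.
PAYLOAD = base64.b64encode(b"PK\x03\x04" + bytes(60)).decode()
SAMPLE = ('<html><script>var d = atob("%s"); var b = new Blob([d]);\n'
          'a.href = URL.createObjectURL(b); a.download = "invoice.zip";</script></html>' % PAYLOAD)
BENIGN = '<html><script>console.log(atob("aGVsbG8="));</script><p>hello</p></html>'
```

Plain pattern matching of this kind only catches unobfuscated script; it is a triage signal for attachments and proxy captures, not a verdict.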


Level 7
Apr 5, 2021
There is a demo site for this type of attack:

[Screenshots: demo test 01.png, demo test 02.png, demo test 03.png]

In reality, of course, I would be awfully hesitant to open a surprise document.