Microsoft warns of surge in HTML smuggling phishing attacks

LASER_oneXM

Microsoft has seen a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans (RAT).

While HTML smuggling is not a new technique, Microsoft is seeing it increasingly used by threat actors to evade detection, including the Nobelium hacking group behind the SolarWinds attacks.

How HTML smuggling works

HTML smuggling is a technique used in phishing campaigns that use HTML5 and JavaScript to hide malicious payloads in encoded strings in an HTML attachment or webpage. These strings are then decoded by a browser when a user opens the attachment or clicks a link.
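
Because the payload only takes shape inside the browser, a mail or web gateway has to inspect the HTML itself. The static check below is an added example, not part of the original thread or of Microsoft's report. The indicator patterns, the 200-character threshold, the `scan_html` name and both sample documents are assumptions constructed for illustration.

```python
import base64
import re

# Heuristic indicator groups picked for this example (not a vendor rule set).
INDICATORS = {
    "decode": re.compile(r"\batob\s*\(|String\.fromCharCode"),
    "blob": re.compile(r"new\s+Blob\s*\(|createObjectURL\s*\(|msSaveOrOpenBlob"),
    "download": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"),
}
# Quoted string literals that look like long base64 runs.
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{200,}={0,2})[\"']")
MAGIC = {b"MZ": "PE executable", b"PK\x03\x04": "ZIP archive"}


def scan_html(html):
    """Statically score one HTML document for smuggling indicators."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(html))
    embedded = []  # (decoded size, file type guessed from magic bytes)
    for match in B64_LITERAL.finditer(html):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except ValueError:  # bad padding or alphabet: not real base64
            continue
        kind = next((t for sig, t in MAGIC.items() if raw.startswith(sig)), "unknown")
        embedded.append((len(raw), kind))
    # Flag when decode + Blob + download all co-occur, or when a decoded
    # literal is a recognisable file hidden behind a decode call.
    file_hidden = "decode" in hits and any(k != "unknown" for _, k in embedded)
    return {"indicators": hits, "embedded": embedded,
            "suspicious": len(hits) == len(INDICATORS) or file_hidden}


# Constructed inputs: a harmless ZIP-header stub stands in for a payload.
_STUB = base64.b64encode(b"PK\x03\x04" + bytes(300)).decode()
SAMPLE_SMUGGLING = (
    '<html><body><script>var data = atob("' + _STUB + '");'
    'var blob = new Blob([data]);var link = document.createElement("a");'
    'link.href = URL.createObjectURL(blob);link.download = "sample.zip";'
    '</script></body></html>')
SAMPLE_BENIGN = (
    '<html><body><a href="report.pdf" download="report.pdf">Report</a>'
    '<script>console.log(atob("aGVsbG8="));</script></body></html>')

if __name__ == "__main__":
    for name, doc in (("smuggling", SAMPLE_SMUGGLING), ("benign", SAMPLE_BENIGN)):
        print(name, scan_html(doc))
```

Static matching of this kind misses scripts whose API names or strings are obfuscated, so a clean result is inconclusive and belongs alongside sandbox detonation or attachment-type policy.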
 

wat0114

There is a demo site for this type of attack:

https://www.outflank.nl/demo/html_smuggling.html



In reality, of course, I would be awfully hesitant to open a surprise document.