Microsoft has seen a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans (RATs). While HTML smuggling is not a new technique, Microsoft is seeing it increasingly used by threat actors to evade detection, including the Nobelium hacking group behind the SolarWinds attacks.
How HTML smuggling works
HTML smuggling is a technique used in phishing campaigns that uses HTML5 and JavaScript to hide malicious payloads as encoded strings in an HTML attachment or webpage. The browser decodes these strings when a user opens the attachment or clicks a link.
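As an added illustration (not code from Microsoft or the original article), the following Python sketch shows how a defender could triage an HTML attachment for the encoded strings described above: it finds long base64 runs, decodes them, and reports those that begin with a known file signature. The 64-character threshold, the signature table and the sample HTML are assumptions constructed for this example.

```python
import base64
import re

# Assumed threshold: shorter runs are treated as ordinary page content.
MIN_RUN = 64
B64_RUN = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_RUN)

# Well-known leading bytes of file types often delivered as attachments.
MAGIC = {
    b"MZ": "Windows executable",
    b"PK\x03\x04": "ZIP archive",
    b"%PDF": "PDF document",
    b"\xd0\xcf\x11\xe0": "OLE2 document",
}

def identify(blob):
    """Return a file-type name if blob starts with a known signature, else None."""
    for magic, name in MAGIC.items():
        if blob.startswith(magic):
            return name
    return None

def find_embedded_files(html):
    """Return (offset, decoded_length, file_type) for each long base64 run
    in the HTML text that decodes to a recognised file type."""
    hits = []
    for match in B64_RUN.finditer(html):
        body = match.group(0).rstrip("=")
        if len(body) % 4 == 1:          # impossible base64 length: drop stray char
            body = body[:-1]
        body += "=" * (-len(body) % 4)  # restore padding before decoding
        try:
            decoded = base64.b64decode(body)
        except ValueError:
            continue
        kind = identify(decoded)
        if kind:
            hits.append((match.start(), len(decoded), kind))
    return hits

# Constructed sample input: an inline PNG (normal page content, not flagged)
# and a script string holding ZIP magic bytes followed by zero padding.
SAMPLE_PNG = base64.b64encode(b"\x89PNG\r\n\x1a\n" + bytes(60)).decode()
SAMPLE_ZIP = base64.b64encode(b"PK\x03\x04" + bytes(60)).decode()
SAMPLE_HTML = (
    '<html><body><img src="data:image/png;base64,%s">'
    '<script>var data = "%s";</script></body></html>' % (SAMPLE_PNG, SAMPLE_ZIP)
)

if __name__ == "__main__":
    for offset, size, kind in find_embedded_files(SAMPLE_HTML):
        print("offset %d: %d decoded bytes look like a %s" % (offset, size, kind))
```

This only catches payloads stored as plain base64; strings that are split, reversed or otherwise transformed before decoding need additional normalisation first.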