HTML smuggling -- the latest way to deliver malware
Since Microsoft began blocking macros by default in documents received from the internet, there has been an increase in the use of HTML files to deliver malware.
This lets threat actors combine the versatility of HTML with social engineering to lure users into saving and opening the malicious payload. The latest campaigns impersonate well-known brands such as Adobe Acrobat, Google Drive and Dropbox to increase the chance that users open the archives.
Malware strains delivered include the Qakbot Trojan and Cobalt Strike -- a pen testing tool that's often abused by threat actors to probe networks for vulnerabilities.
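As an added illustration that is not from this article or from Spiderlabs, the Python triage script below flags the decode-in-the-browser-and-save pattern that HTML smuggling pages rely on, the kind of attachment a mail gateway or EDR would want to quarantine for analysis. The function names, the indicator list and both sample HTML documents are constructed for this example.

```python
import re

# Indicators of the HTML smuggling chain: the page carries an encoded payload,
# the browser decodes it into a Blob, and script forces a "download" of the
# result, so no archive or executable ever crosses the network in the clear.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_construct": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "legacy_save": re.compile(r"msSaveOrOpenBlob\s*\("),
    "forced_download": re.compile(r"\.download\s*=|download\s*=\s*[\"']"),
    "archive_mime": re.compile(r"application/(zip|octet-stream|x-msdownload)", re.I),
    "long_b64": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}

# The parts of the chain that actually write a file from in-page data; a plain
# <a download> link to a hosted file is not smuggling on its own.
SAVE_CHAIN = {"blob_construct", "object_url", "legacy_save"}


def find_indicators(html):
    """Return the names of every indicator present in the HTML text."""
    return [name for name, rx in INDICATORS.items() if rx.search(html)]


def is_suspicious(html, threshold=3):
    """Flag when enough indicators fire AND at least one save-chain call is present."""
    hits = set(find_indicators(html))
    return len(hits) >= threshold and bool(hits & SAVE_CHAIN)


# Constructed sample: a lure page that decodes a tiny benign payload ("Hello")
# and pushes it at the user as an archive, mirroring the brand-impersonation lures.
SAMPLE_SMUGGLING_HTML = """<html><body>
<p>Your document is ready. If the download does not start, click below.</p>
<script>
var b = 'SGVsbG8=';
var bytes = Uint8Array.from(atob(b), c => c.charCodeAt(0));
var blob = new Blob([bytes], {type: 'application/octet-stream'});
var a = document.createElement('a');
a.href = URL.createObjectURL(blob);
a.download = 'Invoice.zip';
a.click();
</script></body></html>"""

# Constructed sample: an ordinary download link, which should not be flagged.
SAMPLE_PLAIN_HTML = '<html><body><a href="report.pdf" download="report.pdf">Report</a></body></html>'

if __name__ == "__main__":
    for label, doc in (("smuggling", SAMPLE_SMUGGLING_HTML), ("plain", SAMPLE_PLAIN_HTML)):
        print(label, is_suspicious(doc), find_indicators(doc))
```

String matching of this kind is exactly what the obfuscation the researchers describe is meant to defeat, so treat it as a triage aid and pair it with detonation in a browser sandbox for anything it misses or flags.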
Security researchers Bernard Bautista and Diana Lopera write on the Spiderlabs blog:
We expect to see more sophisticated malware delivered through HTML smuggling with more compelling lures impersonating well-known products and social engineering tricks, complex obfuscation on the HTML level evading signature-based detection, and diverse attack sequences that may require more user interaction but may still be effective to gain initial access.
We always remind everyone to stay vigilant in this ever-changing digital landscape.
You can read more on the Spiderlabs blog.
Image credit: Rawpixel/depositphotos.com