Ongoing Campaign Uses HTML Smuggling for Malware Delivery
An ongoing cybercrime campaign is employing a technique known as HTML smuggling to deliver malware onto the victim's machine, Menlo Security reports.
Referred to as Duri, the campaign started in early July and continues to date, attempting to evade network security solutions, including proxies and sandboxes, to deliver malicious code.
The technique, HTML smuggling, relies on HTML5/JavaScript to download files and comes in two forms: either a data URL is used for the download, or a JavaScript blob is created and a specific MIME type is used to download the content.
As part of the attack, the victim visits a malicious site, which triggers the download through HTML smuggling.
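A static check for both variants in page source, added here as an example; it is not code from Menlo Security's report or from the article. The function name `scanHtml`, the chosen indicators and the sample pages are assumptions constructed for illustration.

```javascript
// Static heuristic for the two HTML smuggling variants (data URL, JS Blob).
// Indicator choices and the sample pages below are constructed for this example.
function scanHtml(html) {
  const findings = [];

  // Variant 1: an anchor that carries a data: URL and also forces a download.
  for (const tag of html.match(/<a\b[^>]*>/gi) || []) {
    if (/\bdownload\b/i.test(tag) && /\bhref\s*=\s*["']?\s*data:/i.test(tag)) {
      findings.push({ variant: 'data-url', evidence: tag.slice(0, 60) });
    }
  }

  // Variant 2: inline script builds a Blob, turns it into an object URL
  // and saves it through an anchor's download property.
  const scripts = [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)]
    .map((m) => m[1]).join('\n');
  const makesBlob = /new\s+Blob\s*\(/.test(scripts);
  const makesUrl = /createObjectURL\s*\(/.test(scripts);
  const saves = /\.download\s*=|setAttribute\(\s*["']download["']/.test(scripts);
  if (makesBlob && makesUrl && saves) {
    // MIME type passed in the Blob options, if it is a literal.
    const mime = (scripts.match(/type\s*:\s*["']([^"']+)["']/) || [])[1] || 'unspecified';
    // A scripted click() means the save starts without user interaction.
    const autoTriggered = /\.click\s*\(\s*\)/.test(scripts);
    findings.push({ variant: 'js-blob', mime, autoTriggered });
  }
  return findings;
}

// Constructed sample pages (placeholder content only).
const SAMPLES = {
  dataUrl: '<a href="data:application/octet-stream;base64,Q09OU1RSVUNURUQ=" download="sample.bin">open</a>',
  blob: `<script>
    const b = new Blob(["constructed placeholder"], { type: "application/octet-stream" });
    const a = document.createElement("a");
    a.href = URL.createObjectURL(b);
    a.download = "sample.bin";
    a.click();
  </script>`,
  benign: '<a href="/files/report.pdf" download>report</a><script>console.log("hi")</script>',
};

for (const [name, page] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(scanHtml(page)));
}
```

Legitimate web applications also save client-generated files this way, so a hit is a triage signal to combine with other context, not a verdict.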
"Attackers are constantly tweaking their tactics in an effort to evade and bypass security solutions - forcing tools that rely on a detect-and-respond approach to always play catch-up. We believe HTML smuggling is one such technique that will be incorporated into the attackers' arsenal and used more often to deliver the payload to the endpoint without network solutions blocking it," the security firm concludes.