Microsoft warns of surge in HTML smuggling phishing attacks (November 2021)

Microsoft has seen a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans.
While HTML smuggling is not a new technique, Microsoft is seeing it increasingly used by threat actors, including the Nobelium hacking group behind the SolarWinds attacks, to evade detection.
HTML smuggling is a technique used in phishing campaigns that uses HTML5 and JavaScript to hide malicious payloads in encoded strings in an HTML attachment or webpage.
A phishing HTML attachment could include a harmless link to a known website, so it is not seen as malicious.
The attacks usually start with a phishing email containing an HTML link in the body of the message or a malicious HTML file as an attachment.
If either is clicked, a ZIP file is dropped using HTML smuggling.
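
One way a mail gateway or triage script could flag the pattern described above, as an added example that is not from Microsoft or the original article. The indicator list, the 512-character threshold, the verdict names and the sample documents are assumptions constructed for illustration.

```python
import re

# Heuristic indicators picked for this example; not an official signature set.
INDICATORS = {
    "long_encoded_string": re.compile(r"[A-Za-z0-9+/]{512,}={0,2}"),
    "decode_call": re.compile(r"\batob\s*\(|\bfromCharCode\b|\bcharCodeAt\b"),
    "blob_build": re.compile(r"\bnew\s+Blob\s*\("),
    "save_trigger": re.compile(
        r"createObjectURL\s*\(|msSaveOrOpenBlob\s*\(|\.download\s*=|\bdownload\s*=\s*[\"']"
    ),
}


def scan_html(text):
    """Return the sorted names of the indicators found in an HTML document."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def verdict(text):
    """'suspicious' = encoded payload plus in-browser file assembly and save."""
    hits = set(scan_html(text))
    has_payload = "long_encoded_string" in hits
    builds_file = {"blob_build", "save_trigger"} <= hits
    if has_payload and builds_file:
        return "suspicious"
    if builds_file or (has_payload and "decode_call" in hits):
        return "review"  # e.g. a legitimate client-side export page
    return "clean"


# Constructed inputs. FILLER is base64 of "ABC" repeated and carries no file.
FILLER = "QUJD" * 200
LINK = '<a href="https://example.com/">Portal</a>'
SAMPLES = {
    "plain_link": "<html><body>" + LINK + "</body></html>",
    "csv_export": '<script>var b=new Blob([rows.join("\\n")]);'
                  "link.href=URL.createObjectURL(b);</script>",
    "smuggling_shape": "<html><body>" + LINK + '<script>var d="' + FILLER + '";'
                       "var b=new Blob([atob(d)]);link.href=URL.createObjectURL(b);"
                       'link.download="doc.zip";</script></body></html>',
}

if __name__ == "__main__":
    for name, html in SAMPLES.items():
        print(f"{name:16} {verdict(html):10} {scan_html(html)}")
```

The harmless link alone scores clean, which is why the check looks at the script content of the attachment and not at its URLs.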