Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks

Source: Hacker News

Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads.

Microsoft 365 Defender Threat Intelligence Team, in a new report published Thursday, disclosed that it identified infiltrations distributing the Mekotio banking Trojan, backdoors such as AsyncRAT and NjRAT, and the infamous TrickBot malware. The multi-staged attacks — dubbed ISOMorph — were also publicly documented by Menlo Security in July 2021.

HTML smuggling is an approach that allows an attacker to "smuggle" first-stage droppers, often encoded malicious scripts embedded within specially crafted HTML attachments or web pages, onto a victim machine by taking advantage of basic features in HTML5 and JavaScript rather than exploiting a vulnerability or a design flaw in modern web browsers.
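Because the technique relies on ordinary browser features, a mail or web gateway has to look at what the markup does rather than for an exploit. The following is an added example, not code from the article or from Microsoft's report: a static triage check for HTML attachments. The indicator list, the 400-character threshold and the sample strings are assumptions made for this illustration.

```python
import re

# Indicators chosen for this example (assumptions, not listed in the article):
# HTML5/JavaScript features that let a page build a file client-side and save it.
INDICATORS = {
    "decode": re.compile(r"\batob\s*\(|\bfromCharCode\b|\bUint8Array\b"),
    "blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"createObjectURL|msSaveOrOpenBlob|msSaveBlob"),
    "download": re.compile(r"\.download\s*=|<a\b[^>]*\sdownload\b", re.I),
}
# A long quoted run of base64 characters suggests a file embedded in the markup.
ENCODED_BLOB = re.compile(r"['\"][A-Za-z0-9+/]{400,}={0,2}['\"]")


def scan_html(text):
    """Return (verdict, hits) for one HTML attachment or page body."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    if ENCODED_BLOB.search(text):
        hits.append("encoded_payload")
    builds_file = "blob" in hits and ("object_url" in hits or "download" in hits)
    if builds_file and "encoded_payload" in hits:
        return "suspicious", hits   # embedded data is reassembled into a download
    if builds_file:
        return "review", hits       # client-side export; common in legitimate apps
    return "clean", hits


# Constructed samples. SMUGGLE_LIKE is an inert token fragment, not a working page;
# its "payload" is the base64 of the text "ABC" repeated.
PLAIN_LINK = '<html><body><a href="/report.pdf" download>Report</a></body></html>'
CSV_EXPORT = ('<script>var b = new Blob([rows.join("\\n")], {type: "text/csv"});'
              'link.href = URL.createObjectURL(b); link.download = "export.csv";</script>')
SMUGGLE_LIKE = ('<script>var d = atob("' + "QUJD" * 150 + '"); var b = new Blob([d]);'
                'link.href = URL.createObjectURL(b); link.download = "doc.iso";</script>')

if __name__ == "__main__":
    for name, sample in [("plain", PLAIN_LINK), ("export", CSV_EXPORT),
                         ("smuggle-like", SMUGGLE_LIKE)]:
        print(name, *scan_html(sample))
```

The "review" tier exists because legitimate web applications also build downloads from Blobs; only the combination with a large embedded encoded string is escalated here, and obfuscated scripts will need dynamic analysis on top of a static check like this.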


