This Sneaky Trick Can Help Attackers Smuggle Malware into Networks

Microsoft has identified a new type of assault known as “HTML smuggling,” which is being used in email campaigns to distribute banking malware and remote access Trojans (RATs), as well as in targeted hacking attempts.

An attacker can “smuggle” an encoded malicious script into a carefully designed HTML attachment or web page via HTML smuggling. The Microsoft 365 Defender Threat Intelligence Team cautions that it’s a “very elusive” malware distribution approach that utilizes genuine HTML5 and JavaScript elements.

Because most organizations operate their business apps using HTML and JavaScript, this is a feasible attack approach. The issue is that cybercriminal gangs behind banking malware like Trickbot, RATs, and other malware are learning from state-sponsored attackers, which has resulted in a recent spike in HTML smuggling assaults.

There are a variety of methods to implement HTML smuggling via obfuscation, as well as a variety of ways to code JavaScript, making the approach very elusive against content analysis.