Reportedly, threat actors have been using HTML smuggling at an alarmingly increasing rate to deploy various threats. Additionally, cybercriminals have been using these in various phishing and malware attacks.
Microsoft 365 Defender Threat Intelligence Team, in a new report published Thursday, disclosed that it identified infiltrations distributing the Mekotio banking Trojan, backdoors such as AsyncRAT and NjRAT, and the infamous TrickBot malware. The multi-staged attacks — dubbed ISOMorph — were also publicly documented by Menlo Security in July 2021.According to the reports of Cyware
After that, the attacker tries to smuggle first-stage droppers and then encode maliciously and virus-filled scripts with crafted HTML attachments and web pages, making the device malicious.
When a target user opens the HTML in their web browser, the browser decodes the malicious script, which, in turn, assembles the payload on the host device.
HTML smuggling is yet another way by which the hackers have been trying out new ways to trick users into deploying the malicious codes into their software and devices. The use of HTML smuggling is being increasing day by day and the hackers have been trying to target the population at large by this method.
The only way users can be saved by this is by not opening any emails or attachments that might feel suspicious to the users.