This sneaky trick lets attackers smuggle malware onto your network

Microsoft has flagged a relatively new style of attack, dubbed “HTML smuggling”, which is being used in email campaigns that deploy banking malware and remote access Trojans (RATs), and as part of targeted hacking attacks.

HTML smuggling lets an attacker “smuggle” an encoded malicious script within a specially crafted HTML attachment or web page. It’s a “highly evasive” malware delivery technique that uses legitimate HTML5 and JavaScript features, warns the Microsoft 365 Defender Threat Intelligence Team.

It’s a nasty trick that bypasses standard network perimeter security, such as web proxies and email gateways, since the malware is built inside the network after an employee opens a web page or attachment with the malicious HTML script. So, a company’s network can be hit even if gateway devices check for suspicious EXE, ZIP, or Office documents. 

“When a target user opens the HTML in their web browser, the browser decodes the malicious script, which, in turn, assembles the payload on the host device. Thus, instead of having a malicious executable pass directly through a network, the attacker builds the malware locally behind a firewall,” Microsoft warns. 
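Because the file is assembled in the browser, inspection has to look at the HTML itself rather than for a known file type. The triage heuristic below is an added example, not code from the article or from Microsoft; the indicator names, the specific browser features matched (`atob`, `Blob`, `createObjectURL`, the `download` attribute), the length threshold and the verdict labels are all assumptions chosen for illustration.

```python
import re

# Assumed indicators (not named in the article): browser features that, used
# together, let a page decode embedded data and save it as a local file.
INDICATORS = {
    "decode": re.compile(r"\batob\s*\("),
    "blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\b(?:createObjectURL|msSaveOrOpenBlob)\s*\("),
    "download": re.compile(r"\.download\s*=|\sdownload(?:\s*=|\s|>)"),
    "auto_click": re.compile(r"\.click\s*\(\s*\)"),
}
MIN_B64_LEN = 200  # assumed threshold for an embedded file; tune locally
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{%d,}={0,2})[\"']" % MIN_B64_LEN)


def inspect_html(html: str) -> dict:
    """Return matched indicators and a verdict for one HTML attachment."""
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(html))
    if B64_LITERAL.search(html):
        hits.append("long_base64")
    has_data = "decode" in hits or "long_base64" in hits
    builds_file = "blob" in hits and "object_url" in hits
    saves_file = "download" in hits or "auto_click" in hits
    if has_data and builds_file and saves_file:
        verdict = "quarantine"   # full decode -> assemble -> save chain
    elif builds_file:
        verdict = "review"       # file built in the browser, origin unclear
    else:
        verdict = "allow"
    return {"hits": hits, "verdict": verdict}


# Constructed samples; the encoded string is the text "BENIGN SAMPLE".
SAMPLE_CHAIN = """<script>
var data = atob("QkVOSUdOIFNBTVBMRQ==");
var blob = new Blob([data], {type: "text/plain"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "sample.txt";
a.click();
</script>"""
SAMPLE_PLAIN = '<p>Quarterly report: <a href="/report.pdf" download>save</a></p>'
SAMPLE_PREVIEW = """<script>
var b = new Blob(["preview"]); img.src = URL.createObjectURL(b);
</script>"""

if __name__ == "__main__":
    for html in (SAMPLE_CHAIN, SAMPLE_PLAIN, SAMPLE_PREVIEW):
        print(inspect_html(html))
```

String matching of this kind is a triage signal only: obfuscated scripts can hide these names, and legitimate web applications also generate files client-side, so a hit should route the attachment to sandboxing or analyst review rather than stand as a final decision.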

It’s a practical attack

Read More: https://www.zdnet.com/article/this-sneaky-trick-lets-attackers-smuggle-malware-onto-your-network/#ftag=RSSbaffb68