Microsoft has flagged a relatively new style of attack, dubbed “HTML smuggling”, which is being used in email campaigns that deploy banking malware and remote access Trojans (RATs), and as part of targeted hacking attacks.
It’s a nasty trick that bypasses standard network perimeter security, such as web proxies and email gateways, since the malware is built inside the network after an employee opens a web page or attachment with the malicious HTML script. So, a company’s network can be hit even if gateway devices check for suspicious EXE, ZIP, or Office documents.
“When a target user opens the HTML in their web browser, the browser decodes the malicious script, which, in turn, assembles the payload on the host device. Thus, instead of having a malicious executable pass directly through a network, the attacker builds the malware locally behind a firewall,” Microsoft warns.
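The article notes that gateway checks for EXE, ZIP or Office files miss a payload that a script assembles in the browser. The following is an added example, not code from Microsoft or the article: a heuristic a mail or proxy filter could run over HTML bodies, flagging scripts that both carry encoded data and build a downloadable file. The indicator list, the 64-character threshold, the verdict names and the sample HTML are assumptions constructed for illustration.

```python
import base64
import re

# Assumed indicators (standard browser APIs; none are named in the article).
INDICATORS = {
    "decode": re.compile(r"\batob\s*\(|\bfromCharCode\b"),
    "blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\(|\bmsSaveOrOpenBlob\s*\("),
    "download": re.compile(r"\.download\s*=|setAttribute\s*\(\s*[\"']download"),
}
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}")
# Headers of the file types the article says gateways already look for.
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip", b"\xd0\xcf\x11\xe0": "office-ole"}


def embedded_types(script):
    """Decode the start of each long base64 run and match known file headers."""
    found = set()
    for run in B64_RUN.findall(script):
        head = base64.b64decode(run[:16])  # 16 chars -> 12 bytes, no padding needed
        found |= {"embedded:" + name for magic, name in MAGIC.items() if head.startswith(magic)}
    return found


def score_html(html):
    """Return (verdict, sorted hits) for one HTML attachment or page body."""
    hits = set()
    for script in SCRIPT.findall(html):
        hits |= {name for name, rx in INDICATORS.items() if rx.search(script)}
        hits |= embedded_types(script)
    builds_file = "blob" in hits and bool({"object_url", "download"} & hits)
    has_file = any(h.startswith("embedded:") for h in hits)
    if builds_file and (has_file or "decode" in hits):
        return "suspicious", sorted(hits)
    if builds_file or has_file:
        return "review", sorted(hits)
    return "clean", sorted(hits)


# Constructed samples: STUB is two header bytes plus zeros, not a program.
STUB = base64.b64encode(b"MZ" + b"\x00" * 62).decode()
SAMPLE_FLAGGED = (
    '<html><script>var d = atob("' + STUB + '"); var b = new Blob([d]);'
    'var a = document.createElement("a"); a.href = URL.createObjectURL(b);'
    'a.download = "doc";</script></html>'
)
SAMPLE_BENIGN = '<html><script>document.title = "Report";</script><a href="/r.pdf" download>r</a></html>'

if __name__ == "__main__":
    for name, html in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(name, score_html(html))
```

The header check only sees base64 stored as one contiguous literal, so a "review" or "clean" verdict on a heavily scripted attachment is a reason to render it in a sandbox and inspect what it produces, not a final answer.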
It’s a practical attack