Microsoft warn that threat actors are increasingly using HTML smuggling technique in phishing campaigns to stealthily deliver threats.
HTML smuggling lets an attacker “smuggle” an encoded malicious script within a specially crafted HTML attachment or web page. When a target user opens the HTML in their web browser, the browser decodes the malicious script, which, in turn, assembles the payload on the host device.Thus, instead of having a malicious executable pass directly through a network, the attacker builds the malware locally behind a firewall.
The emails employed in the campaign attributed to DEV-0193used a specially crafted…
View original post 140 more words