Researchers Warn of Active Malware Campaign Using HTML Smuggling

A recently uncovered, active campaign called “Duri” makes use of HTML smuggling to deliver malware.

An active campaign has been spotted that utilizes HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies and firewalls.

Krishnan Subramanian, security researcher with Menlo Security, told Threatpost that the campaign uncovered on Tuesday, dubbed “Duri,” has been ongoing since July.

It works like this: The attackers send victims a malicious link. Once they click on that link,  a JavaScript blob technique is being used to smuggle malicious files via the browser to the user’s endpoint (i.e., HTML smuggling). Blobs, which mean “Binary Large Objects” and are responsible for holding data, are implemented by web browsers.

Because HTML smuggling is not necessarily a novel technique — it’s been used by attackers for awhile, said Subramanian — this campaign shows that bad actors continue to rely on older attack methods that are working. Learn more about this latest attack and how enterprises can protect themselves from HTML-smuggling attacks, during this week’s Threatpost podcast.

Listen to the full podcast below or download direct here.

Also, check out our podcast microsite, where we go beyond the headlines on the latest news.

Suggested articles

Discussion

  • Jim Bray on

    Excellent webinar. HTML Smuggling is why NIST published new guidance on Friday for Zero Trust Architecture (ZTA.) ZTA is your only defense against these types of malware. The new FIDO2 Authentication standard complements ZTA by totally eliminating passwords and encrypting all data including offline. 99% of malware has to acquire someones login password. By eliminating passwords malware is ineffective. If you have not a pad cast on FIDO2 and NIST ZTA please let me know and i can provide a not of educational information on the NIST ZTA and the FIDO2 Authentication standard.

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.