Related Posts
Hackers Abuse HTML Smuggling Technique To Deliver Sophisticated Phishing Page
HTML smuggling is a sophisticated technique used by threat actors to deliver malware by embedding malicious JavaScript within seemingly harmless HTML files.
This method exploits HTML5 and JavaScript features, allowing attackers to construct payloads directly on the victim’s machine when the HTML file is opened.
Trustwave SpiderLabs researchers recently identified that hackers have been actively abusing HTML smuggling to deliver sophisticated phishing pages.
Hackers Abuse HTML Smuggling Technique
Researchers uncovered a sophisticated phishing campaign employing HTML smuggling. The attack began with an email impersonating American Express that contained a clickable link acting as a redirector.
This initial redirect led to a second redirector, which ultimately pointed to a Cloudflare R2 public bucket hosting an HTML file.
The JavaScript in that file implemented HTML smuggling by encoding the actual phishing page as a long Base64 string. Upon execution, the script uses the atob() function to decode the Base64 string into plain HTML.
It then creates a Blob object from the decoded HTML, generates a blob URL with window.URL.createObjectURL(), and loads this content into the current browser window via window.location.href.
By delivering the malicious payload as seemingly harmless HTML and JavaScript, the attackers evade certain security measures. The true phishing page is revealed only upon client-side execution.
The entire process illustrates a multi-stage attack chain that is specifically designed to evade detection and deliver a convincing phishing experience to potential victims.
Blob URLs and URIs are temporary web addresses that reference the binary data stored in blob objects.
These objects allow files and media to be handled flexibly within web browsers.
However, threat actors exploit this technology via HTML smuggling to generate malicious files directly in the user's browser rather than downloading them from a server.
Because the files are created on the client side, this method helps evade security measures that monitor incoming server-side content.
Besides this, HTML smuggling enables the covert distribution of harmful payloads disguised as harmless data.
Using blob URLs to create and handle files locally enables attackers to conduct covert operations that are difficult to notice and trace.
This technique is particularly effective in the cloud era, as it evades email scanners, endpoint protection, and other security tools by hiding phishing content within seemingly harmless HTML files.
The process usually involves embedding obfuscated JavaScript code which, when executed, uses blob URLs to generate and deploy a malicious payload. This makes detection more challenging.
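For defenders triaging HTML attachments or hosted HTML files, the chain described above (Base64 decode, Blob, blob URL, navigation) can be checked statically. The following is an added example, not code from the article or from Trustwave; the function names, the 64-character threshold, the verdict labels, and both sample pages are assumptions constructed for illustration.

```javascript
// Static triage of an HTML file for the decode -> Blob -> blob URL -> navigate chain.
const INDICATORS = {
  base64Decode: /\batob\s*\(/,
  blobConstruct: /\bnew\s+Blob\s*\(/,
  blobUrl: /\bURL\s*\.\s*createObjectURL\s*\(/,
  navigation: /\blocation\s*\.\s*href\s*=(?!=)/,
};
const BASE64_LITERAL = /["'`]([A-Za-z0-9+/]{64,}={0,2})["'`]/g; // assumed threshold: 64 chars
const HTML_MARKUP = /<\s*(?:!doctype|html|body|form|script)\b/i;

// Count long Base64 string literals whose decoded content is itself HTML markup.
function countEmbeddedHtml(source) {
  let count = 0;
  for (const match of source.matchAll(BASE64_LITERAL)) {
    const decoded = Buffer.from(match[1], "base64").toString("utf8");
    if (HTML_MARKUP.test(decoded)) count += 1;
  }
  return count;
}

// Full chain plus an embedded page is flagged; a partial chain is queued for review.
function scanHtml(source) {
  const hits = Object.keys(INDICATORS).filter((name) => INDICATORS[name].test(source));
  const embeddedHtml = countEmbeddedHtml(source);
  const decodesData = hits.includes("base64Decode") || embeddedHtml > 0;
  let verdict = "clean";
  if (hits.length === 4 && embeddedHtml > 0) verdict = "smuggling-pattern";
  else if (hits.includes("blobUrl") && decodesData) verdict = "review";
  return { hits, embeddedHtml, verdict };
}

// Constructed sample: a harmless inner page wrapped the way the article describes.
const innerPage = "<!DOCTYPE html><html><body><p>constructed benign stand-in for a decoded page</p></body></html>";
const SAMPLE_FLAGGED = `<html><body><script>
var d = atob("${Buffer.from(innerPage, "utf8").toString("base64")}");
var u = window.URL.createObjectURL(new Blob([d], {type: "text/html"}));
window.location.href = u;
</script></body></html>`;

// Constructed sample: legitimate blob URL use (local image preview), no decode step.
const SAMPLE_BENIGN = `<html><body><input type="file" id="f"><img id="p"><script>
document.getElementById("f").onchange = function (e) {
  document.getElementById("p").src = URL.createObjectURL(e.target.files[0]);
};
</script></body></html>`;

console.log(scanHtml(SAMPLE_FLAGGED));
console.log(scanHtml(SAMPLE_BENIGN));
```

Because the article notes that the JavaScript is usually obfuscated, literal matching like this is a triage signal only; renamed or computed API references require rendering the file in a sandbox and observing blob URL navigation.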
The post Hackers Abuse HTML Smuggling Technique To Deliver Sophisticated Phishing Page appeared first on Cyber Security News.
“Largest botnet ever” disrupted. 911 S5’s alleged mastermind arrested
A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation.
Read more in my article on the Tripwire State of Security blog.
Ivanti warns high severity CSA flaw is now exploited in attacks
Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. […]