19 matches found

Talos Blog
added 2025/01/24 1:37 p.m., 20 views

Seasoning email threats with hidden text salting

Cisco Talos observed an increase in the number of email threats leveraging hidden text salting (also known as "poisoning") in the second half of 2024. Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely...

AI score: 6.6
Exploits: 0

The Hacker News
added 2024/09/27 9:0 a.m., 11 views

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously...

AI score: 7.3
Exploits: 0

Talos Blog
added 2024/07/10 12:0 p.m., 11 views

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling

Cisco Talos has spotted several malicious email campaigns over the past few months that disguise JavaScript code within HTML email attachments, a technique commonly known as "HTML Smuggling." Cisco Talos has noticed that some industry verticals were targeted more than others by email threats usin...

AI score: 6.8
Exploits: 0

The Hacker News
added 2024/05/27 9:2 a.m., 15 views

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle Ai...

AI score: 7.2
Exploits: 0

The Hacker News
added 2024/03/18 12:35 p.m., 40 views

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is...

AI score: 7.4
Exploits: 0

Hive Pro Threat Advisories
added 2023/07/06 8:5 a.m., 17 views

European Ministries Fall Victim to Chinese Hacker’s SmugX Campaign

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Chinese nation-state group has been persistently conducting a campaign targeting Foreign Affairs ministries and embassies in Europe. They employ HTML smuggling techniques to distribute a new variant of...

AI score: 6.8
Exploits: 0

The Hacker News
added 2023/07/03 1:25 p.m., 12 views

Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX

A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. Cybersecurity firm Check Point said the activity, dubbed SmugX, has been ongoing since at...

AI score: 6.8
Exploits: 0

The Hacker News
added 2023/07/03 1:25 p.m., 2 views

Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX

A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. Cybersecurity firm Check Point said the activity, dubbed SmugX, has been ongoing since at...

AI score: 6.7
Exploits: 0

The Hacker News
added 2023/06/01 4:11 p.m., 3 views

Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What's more, 50% of the servers don't remain active for more than a week, indicating the use of an adaptable and dynamic C2...

AI score: 6.5
Exploits: 0

The Hacker News
added 2023/06/01 4:11 p.m., 41 views

Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What's more, 50% of the servers don't remain active for more than a week, indicating the use of an adaptable and dynamic C2...

AI score: 6.9
Exploits: 0

The Hacker News
added 2022/12/15 6:2 a.m., 47 views

Hackers Using SVG Files to Smuggle QBot Malware onto Windows Systems

Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that...

AI score: 0.2
Exploits: 0

Talos Blog
added 2022/12/13 8:30 p.m., 17 views

HTML smugglers turn to SVG images

HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage. Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directly on the victim's device...

Exploits: 0

Trellix
added 2022/08/24 12:0 a.m., 61 views

Demystifying Qbot Malware

Demystifying Qbot Malware By Adithya Chandra and Sushant Kumar Arya · August 24, 2022 Executive summary The Trellix SecOps Team has observed an uptick in the Qbot malware infections in recent months. Qbot has been an active threat for over 14 years and continues to evolve, adopting new infection...

AI score: 0.5
Exploits: 0

The Hacker News
added 2021/11/12 3:32 p.m., 34 views

Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks

Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads. Microsoft 365 Defender Threat Intelligence Team...

AI score: 7.3
Exploits: 0

Microsoft Secure
added 2021/11/11 5:0 p.m., 17 views

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks. Notably, this technique was observe...

AI score: 7.5
Exploits: 0

Microsoft Malware Protection
added 2021/11/11 5:0 p.m., 31 views

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks. Notably, this technique was observe...

AI score: 7.5
Exploits: 0

ThreatPost
added 2020/08/18 7:16 p.m., 44 views

Researchers Warn of Active Malware Campaign Using HTML Smuggling

An active campaign has been spotted that utilizes HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies and firewalls. Krishnan Subramanian, security researcher with Menlo Security, told Threatpost that the campaign...

AI score: 0.1
Exploits: 0
References: 9

Kitploit
added 2018/08/23 9:11 p.m., 34 views

SharpShooter - Payload Generation Framework

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw's DotNetToJavaScript tool to invoke methods from the...

AI score: 7
Exploits: 0
References: 3

n0where
added 2018/07/11 5:17 p.m., 180 views

Payload Generation Framework: SharpShooter

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw’s DotNetToJavaScript tool to invoke methods from the...

AI score: 7.4
Exploits: 0
References: 3