Menu Close

Beware the ‘Blob’! Warning of Active Malware Campaign that uses HTML Smuggling!

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

A recently uncovered, active campaign called “Duri” uses HTML smuggling to deliver malware.

The active campaign spotted utilises HTML smuggling to deliver malware, bypassing various network security solutions, including sandboxes, legacy proxies & firewalls.

Krishnan Subramanian, Security Researcher with Menlo Security, said that the campaign discovered on Tues., named “Duri,” has been ongoing since July.

It works like this: The attackers send victims a malicious link. When they click on the link,  a ‘JavaScript blob technique’ is used to smuggle malicious files via the browser to the user’s endpoint (i.e., HTML smuggling). Blobs, which mean “Binary Large Objects” & are responsible for holding data, are implemented by web browsers.

HTML smuggling is not really a new technique, as it is been used by attackers for a while, remarked Subramanian. This campaign shows that bad players continue to rely on older attack methods that are known to work.

Virtual Conference September 2020

More To Explore

Community Area

Books

Home Workouts

Recipe

spaghetti Bolognese
Days
Hours
Minutes
Seconds