A recently uncovered, active campaign called “Duri” uses HTML smuggling to deliver malware.
The campaign uses HTML smuggling to deliver malware, bypassing a range of network security controls, including sandboxes, legacy proxies and firewalls.
Krishnan Subramanian, Security Researcher with Menlo Security, said that the campaign discovered on Tues., named “Duri,” has been ongoing since July.
It works like this: The attackers send victims a malicious link. When a victim clicks it, a "JavaScript blob technique" is used to smuggle malicious files through the browser onto the user's endpoint; this is what HTML smuggling refers to. Blobs ("Binary Large Objects") are browser-implemented objects that hold raw data, so the file is assembled inside the browser rather than fetched as a downloadable object that a network device could inspect.
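The mechanism above leaves a recognisable footprint in the page itself: a Blob constructor, an object URL, a forced download and a long inline base64 literal all appear together. The following is an added example, not code from the article or from Menlo Security, of how a content-inspection check could flag that combination; the function names, the indicator list and both sample pages are constructed for illustration, and the "payload" in the suspicious sample is inert filler (a ZIP magic prefix followed by zero bytes), not a real archive.

```python
import base64
import re

# Constructed sample: an HTML fragment showing the indicators the article describes
# (Blob built from an inline base64 literal, object URL, forced download).
# The payload is inert filler, not a real archive.
_FAKE_PAYLOAD = base64.b64encode(b"PK\x03\x04" + b"\x00" * 300).decode()
SAMPLE_SMUGGLING_HTML = f"""
<html><body><script>
var data = "{_FAKE_PAYLOAD}";
var bytes = Uint8Array.from(atob(data), function(c) {{ return c.charCodeAt(0); }});
var blob = new Blob([bytes], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.zip";
a.click();
</script></body></html>
"""

# Constructed benign page: uses Blob for a client-side CSV export, no embedded binary.
SAMPLE_BENIGN_HTML = """
<html><body><script>
var csv = "name,total\\nalice,3\\n";
var blob = new Blob([csv], {type: "text/csv"});
document.getElementById("dl").href = URL.createObjectURL(blob);
</script><a id="dl" download="report.csv">export</a></body></html>
"""

# Individual indicators; none is suspicious on its own, legitimate pages use them too.
INDICATORS = [
    ("blob_constructor", re.compile(r"new\s+Blob\s*\(")),
    ("object_url", re.compile(r"URL\.createObjectURL\s*\(")),
    ("download_attr", re.compile(r"\.download\s*=|\bdownload\s*=")),
    ("ms_save_blob", re.compile(r"msSaveOrOpenBlob")),
    ("base64_decode", re.compile(r"\batob\s*\(")),
    ("binary_mime", re.compile(r"application/(octet-stream|zip|x-msdownload)")),
]

# Long quoted base64 literals: the usual carrier for an inline binary payload.
BASE64_LITERAL = re.compile(r'["\']([A-Za-z0-9+/]{200,}={0,2})["\']')

# Magic bytes of file types commonly carried this way.
MAGICS = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf", b"Rar!": "rar"}


def decoded_payload_types(html):
    """Decode every long base64 literal and report recognised file-type magics."""
    types = []
    for m in BASE64_LITERAL.finditer(html):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except ValueError:
            continue
        for magic, name in MAGICS.items():
            if raw.startswith(magic):
                types.append(name)
    return types


def analyze_html(html):
    """Return the indicators found and whether they combine into a smuggling pattern."""
    hits = [name for name, rx in INDICATORS if rx.search(html)]
    payloads = decoded_payload_types(html)
    builds_blob = "blob_constructor" in hits and "object_url" in hits
    forces_download = "download_attr" in hits or "ms_save_blob" in hits
    inline_binary = bool(payloads) or ("base64_decode" in hits and "binary_mime" in hits)
    # Only the full chain (blob + forced download + embedded binary) is flagged.
    suspicious = builds_blob and forces_download and inline_binary
    return {"indicators": hits, "payload_types": payloads, "suspicious": suspicious}


if __name__ == "__main__":
    for label, page in (("smuggling", SAMPLE_SMUGGLING_HTML), ("benign", SAMPLE_BENIGN_HTML)):
        print(label, analyze_html(page))
```

The benign CSV-export page trips three of the same indicators, which is why the verdict requires the whole chain rather than any single match; in practice this kind of check belongs where the HTML is still visible in the clear (a secure web gateway or browser isolation layer), since by the time the Blob is materialised the file already exists on the endpoint.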
HTML smuggling is not really a new technique, as it has been used by attackers for a while, remarked Subramanian. This campaign shows that bad players continue to rely on older attack methods that are known to work.