Researchers Warn of Active Malware Campaign Using HTML Smuggling August 18, 2020 https://threatpost.com/active-malware-campaign-html-smuggling/158439/
Duri campaign smuggles malware via HTML and JavaScript August 18, 2020 https://www.bleepingcomputer.com/ne...ign-smuggles-malware-via-html-and-javascript/
Microsoft warns of weeks-long malspam campaign abusing HTML smuggling July 26, 2021 https://therecord.media/microsoft-warns-of-weeks-long-malspam-campaign-abusing-html-smuggling/
Doesn't Microsoft ever do any real work or effort testing for such on their own dang systems? No. They shove them out the door and cope with the fallouts later as usual.
Reports Point to Uptick in HTML Smuggling Attacks Menlo Security and Microsoft report recent campaigns implementing the technique, which helps attackers stealthily deliver malware. July 30, 2021 https://www.darkreading.com/attacks-breaches/reports-point-to-uptick-in-html-smuggling-attacks Menlo Security: ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign
Microsoft warns of surge in HTML smuggling phishing attacks November 12, 2021 https://www.bleepingcomputer.com/ne...-of-surge-in-html-smuggling-phishing-attacks/ Microsoft: HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
Attackers use SVG files to smuggle QBot malware onto Windows systems By Bill Toulas @billtoulas - December 14, 2022 Cisco Talos: HTML smugglers turn to SVG images
I guess I need to do some reading because I still can't fully picture how these attacks work. But from what I understood, they are not true ''drive by attacks'' since the user will still have to run the malware manually.
New 'Blank Image' attack hides phishing scripts in SVG files By Bill Toulas @billtoulas - January 19, 2023
HTML smuggling -- the latest way to to deliver malware By Ian Barker @IanDBarker - February 9, 2023 SpiderLabs: HTML Smuggling: The Hidden Threat in Your Inbox