Phishing actors continued leveraging HTML files in their campaigns

May 20, 2022

New studies revealed that HTML files remain at the top of the list of attachments most used by threat actors in phishing attacks. Records from the first quarter of 2022 showed that attaching these files effectively bypassed anti-spam solutions and tricked victims into opening malicious files.

HyperText Markup Language, or HTML, is the standard markup language for documents that are opened and viewed in web browsers. Hackers leverage HTML files in phishing campaigns to redirect their victims to malicious websites or trick them into downloading email attachments. Some phishing actors also use HTML files to display phishing forms locally in the user's browser.

Because many email security solutions treat attached HTML files as harmless, hackers use this to their advantage.

Over 2 million malicious emails with attached HTML files were detected in the first quarter of this year. Cybersecurity researchers conclude that the use of HTML attachments has remained popular in the cybercrime landscape.

Threat actors use several methods to carry out site redirections, data theft, and phishing forms through HTML attachments. The HTML files attached to the malicious emails are base64 encoded, which lets secure email gateways and AV tools scan a file for malicious scripts or suspicious behaviours.

Using JavaScript in the HTML attachments is one of the most effective ways for hackers to evade detection while setting up malicious phishing forms or redirections. This procedure is called HTML smuggling, a technique that threat actors have used widely.

To ensure that security solutions will not be able to detect their malicious scripts, hackers also hide them using publicly available tools that accept custom and unique configurations. For instance, previous reports described hackers using Morse code in HTML files to hide a phishing form that the attachment would display when opened by the victim.
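The gateway-side check described above, as an added example that is not from the cited studies or any vendor tool: it undoes the base64 transfer encoding of each HTML attachment and flags the script behaviours the article mentions. The indicator names and patterns, the sample message and the filename `invoice.html` are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristic indicators (assumed for illustration, not a vendor rule set).
INDICATORS = {
    "inline_script": re.compile(r"<script\b", re.I),
    "runtime_decoding": re.compile(r"\b(atob|unescape|eval|fromCharCode)\s*\(", re.I),
    "script_redirect": re.compile(
        r"\blocation(\.href)?\s*=|\blocation\.(replace|assign)\s*\(", re.I),
    "meta_refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
    "password_form": re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I),
    "blob_download": re.compile(r"createObjectURL\s*\(", re.I),
}

def triage_html_attachments(raw_message: bytes) -> dict:
    """Return {filename: sorted indicator names} for each HTML attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".html", ".htm")))
        if not is_html:
            continue
        # decode=True reverses the base64 transfer encoding before scanning.
        body = part.get_payload(decode=True).decode("utf-8", errors="replace")
        findings[name] = sorted(k for k, rx in INDICATORS.items() if rx.search(body))
    return findings

# Constructed sample attachment body; the atob() argument decodes to "constructed".
SAMPLE_HTML = ("<html><body><script>var p = atob('Y29uc3RydWN0ZWQ=');"
               "document.write(p);</script></body></html>")

def build_sample(html: str = SAMPLE_HTML) -> bytes:
    """Build a constructed message carrying `html` as a base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    # A bytes payload is attached with Content-Transfer-Encoding: base64.
    msg.add_attachment(html.encode(), maintype="text", subtype="html",
                       filename="invoice.html")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage_html_attachments(build_sample()))
```

A match on the raw message bytes would miss the script tag because the attachment body is base64 on the wire; heavier obfuscation can still defeat static patterns like these, so a hit is a reason to quarantine or detonate, not a verdict.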

It is highly recommended to treat HTML files attached to emails as suspicious, especially if they come from unknown senders. Several security tools and anti-virus software may fail to detect these malicious attachments as dangerous due to the obfuscation techniques applied by the threat actors. That is why users must stay vigilant when dealing with their matters online.
