Researchers recently uncovered a new active malware campaign that uses HTML smuggling. The campaign, named ‘Duri’, was used to deliver malware to target systems. It successfully bypassed various network security solutions such as legacy proxies, firewalls, and sandboxes.
The campaign operates by sending unsuspecting users a malicious link. The link uses the JavaScript Blob method to smuggle nefarious links onto the user’s device via the browser. Browsers use binary large objects (Blobs) to hold data.
HTML smuggling is not a new threat; it has been around for years. The incident highlights the continued validity of older attack methods, even in the current scenario.
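Because the Blob technique assembles its data inside the browser, one place a defender can still look is the HTML page itself. The following is an added example, not code from the original article or from the researchers: a heuristic scanner that flags inline scripts combining Blob creation, an object URL and a scripted save. The indicator names, verdict labels and sample pages are constructed for illustration.

```javascript
// Heuristic scan for the HTML-smuggling chain in inline scripts:
// data assembled in the browser -> wrapped in a Blob -> saved without a file download request.
// Indicator names and verdict labels are assumptions made for this example.
const INDICATORS = [
  { name: "blob-constructor", re: /new\s+Blob\s*\(/ },
  { name: "object-url",       re: /URL\.createObjectURL\s*\(/ },
  { name: "ms-save-blob",     re: /\bmsSave(?:OrOpen)?Blob\s*\(/ },
  { name: "download-attr",    re: /\.download\s*=|setAttribute\s*\(\s*["']download["']/ },
  { name: "scripted-click",   re: /\.click\s*\(\s*\)/ },
  { name: "base64-decode",    re: /\batob\s*\(/ },
];

// Only inline <script> bodies are scanned, so an article that merely
// mentions these APIs in its text does not match.
function inlineScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies.join("\n");
}

function analyzeHtml(html) {
  const js = inlineScripts(html);
  const hits = INDICATORS.filter((i) => i.re.test(js)).map((i) => i.name);
  const has = (n) => hits.includes(n);
  const builds = has("blob-constructor");
  const exposes = has("object-url") || has("ms-save-blob");
  const saves = has("download-attr") || has("ms-save-blob");
  let verdict = "clean";
  if (builds || exposes) verdict = "blob-use";                 // e.g. an image preview
  if (builds && exposes && saves) verdict = "smuggling-chain"; // full save-to-disk chain
  return { verdict, hits };
}

// Constructed samples (harmless payload: base64 of "hello").
const SAMPLE_SAVE = `<html><body><script>
var blob = new Blob([atob("aGVsbG8=")], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "notes.txt";
a.click();
</script></body></html>`;
const SAMPLE_PREVIEW = `<script>img.src = URL.createObjectURL(new Blob([bytes], {type: "image/png"}));</script>`;
const SAMPLE_PROSE = `<p>Pages can call new Blob( ) and set a.download = "x" to save files.</p>`;

console.log(analyzeHtml(SAMPLE_SAVE), analyzeHtml(SAMPLE_PREVIEW).verdict, analyzeHtml(SAMPLE_PROSE).verdict);
```

Legitimate client-side export features use the same chain, so a `smuggling-chain` verdict is a triage signal to combine with sender, URL and file-type context. Plain string matching also misses scripts that hide these API names, so it complements endpoint controls.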
Source: Threatpost