Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments.
The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags.
The ZIP archive can be password-protected, requiring users to enter a password that is displayed in the HTML attachment, after which an ISO image is extracted to run the Qakbot trojan.
The finding comes as recent research from Trustwave SpiderLabs shows that HTML smuggling attacks are a common occurrence, with .HTML (11.39%) and .HTM (2.7%) files accounting for the second most spammed file attachment type after .JPG images (25.29%) in September 2022.
“Having sturdy endpoint protection can forestall execution of probably obfuscated scripts, and forestall scripts from launching downloaded executable content,” the researchers stated.
“HTML smuggling’s capacity to bypass content scanning filters signifies that this method will most likely be adopted by more threat actors and used with growing frequency.”
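A content filter can only judge an encoded SVG after decoding it. The following Python is an added example, not code from Cisco Talos or this article: it parses an HTML attachment, decodes any SVG `data:` URI (base64 or percent-encoded), and reports SVG content that carries a `<script>` tag; the class and function names are hypothetical and the sample input is constructed.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

SCRIPT_RE = re.compile(rb"<\s*script\b", re.IGNORECASE)
SVG_URI_RE = re.compile(r"data:image/svg\+xml((?:;[^,;]*)*),(.*)", re.I | re.S)

class SvgScriptFinder(HTMLParser):
    """Flags SVG content in an HTML attachment that carries a <script> tag."""
    def __init__(self):
        super().__init__()
        self.findings, self._svg_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "svg":
            self._svg_depth += 1
        elif tag == "script" and self._svg_depth:
            self.findings.append("inline <svg> contains <script>")
        for name, value in attrs:
            if value and name in ("src", "data", "href", "xlink:href"):
                self._check_data_uri(tag, name, value.strip())

    def handle_endtag(self, tag):
        if tag == "svg" and self._svg_depth:
            self._svg_depth -= 1

    def _check_data_uri(self, tag, name, value):
        m = SVG_URI_RE.fullmatch(value)
        if not m:
            return
        params, body = m.group(1).lower(), m.group(2)
        try:  # decode the payload before inspecting it, as a renderer would
            raw = (base64.b64decode(body) if ";base64" in params
                   else unquote_to_bytes(body))
        except ValueError:  # malformed base64: nothing to inspect
            return
        if SCRIPT_RE.search(raw):
            self.findings.append(f"<{tag} {name}=...> SVG data URI contains <script>")

def scan_html_attachment(html_text):
    finder = SvgScriptFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    svg = base64.b64encode(b"<svg><script></script></svg>").decode()  # constructed, inert
    print(scan_html_attachment(f'<embed src="data:image/svg+xml;base64,{svg}">'))
```

A hit here is a reason to quarantine or detonate the attachment, not proof of Qakbot; legitimate SVG occasionally contains script as well.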