• Microsoft sounds alarm over 'highly evasive' banking malware

    From TechnologyDaily@1337:1/100 to All on Fri Nov 12 15:30:04 2021
    Microsoft sounds alarm over 'highly evasive' banking malware

    Date:
    Fri, 12 Nov 2021 15:21:18 +0000

    Description:
    Threat actors are increasingly relying on HTML smuggling to ferry all kinds
    of malicious payloads right under the nose of the usual protection tools.

    FULL STORY ======================================================================

    Microsoft's cybersecurity researchers have noticed an uptick in the use of a malware delivery technique known as HTML smuggling in email campaigns that deploy banking malware, remote access Trojans (RATs), and other malicious payloads.

    HTML smuggling enables attackers to conceal an encoded script within a specially crafted HTML attachment, which assembles the malicious payload right on the victim's machine.

    "This technique is highly evasive because it could bypass standard perimeter security controls, such as web proxies and email gateways, that often only check for suspicious attachments (for example, EXE, ZIP, or DOCX) or traffic based on signatures and patterns," note the researchers.
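
    Added example, not from the article or from Microsoft: a minimal content-based check for HTML attachments, set beside the extension-only filtering described above. The indicator list, function names, and both sample inputs are assumptions constructed for illustration.

```python
import re

# Heuristic indicators of HTML smuggling: an encoded blob embedded in the page
# plus script calls that decode it and hand it to the browser as a file download.
INDICATORS = {
    "large_encoded_literal": re.compile(r"[\"'`][A-Za-z0-9+/]{200,}={0,2}[\"'`]"),
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_constructor": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "forced_download": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']|msSaveOrOpenBlob"),
}
BLOCKED_EXTENSIONS = (".exe", ".zip", ".docx")  # attachment types the article lists


def extension_check(filename):
    """Extension-only gateway check: the control the article says is bypassed."""
    return filename.lower().endswith(BLOCKED_EXTENSIONS)


def scan_html_attachment(html):
    """Return the sorted names of indicators present in the HTML body."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(html))


def is_suspicious(html):
    """Flag only when encoded data co-occurs with file-assembly calls."""
    hits = set(scan_html_attachment(html))
    encoded = hits & {"large_encoded_literal", "base64_decode"}
    assembles = hits & {"blob_constructor", "object_url", "forced_download"}
    return bool(encoded) and bool(assembles)


# Constructed samples. The first is a deliberately non-functional fragment.
SAMPLE_SMUGGLING = (
    "<html><body><script>var d = atob('" + "QUJD" * 100 + "');"
    "var b = new Blob([d]); /* remaining steps omitted */"
    "link.download = 'invoice.zip';</script></body></html>"
)
SAMPLE_BENIGN = "<html><body><script>document.title = 'Newsletter';</script></body></html>"

if __name__ == "__main__":
    for name, html in (("invoice.html", SAMPLE_SMUGGLING), ("news.html", SAMPLE_BENIGN)):
        print(name, extension_check(name), scan_html_attachment(html), is_suspicious(html))
```

    Static patterns like these miss obfuscated scripts, so a hit is a triage signal for sandboxing or manual review, not a verdict.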

    The technique proves to be effective against most protection solutions like antivirus apps and firewalls because they only see what appears to be non-threatening HTML and JavaScript traffic, which the researchers note can also be obfuscated to further trick the protection mechanisms.

    Malware silk route

    The researchers share that HTML smuggling has been popularly used in banking malware campaigns against targets in Brazil, Mexico, Spain, Peru, and Portugal. Furthermore, beyond banking malware campaigns, sophisticated and targeted cyberattacks have also been observed to incorporate HTML smuggling in their arsenal.

    They note that between July and August, open source intelligence (OSINT) community signals showed an uptick in the use of HTML smuggling in campaigns that deliver remote access Trojans (RATs) such as AsyncRAT/NJRAT, followed by an email campaign in September that leveraged HTML smuggling to deliver the Trickbot malware.

    "The surge in the use of HTML smuggling in email campaigns is another example of how attackers keep refining specific components of their attacks by integrating highly evasive techniques," note the researchers, adding how Microsoft 365 Defender uses multiple techniques including machine learning (ML) to protect against such threats.



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-sounds-alarm-over-highly-evasive-banking-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)