Strange Bits: HTML Smuggling and GitHub Hosted Malware
Quote:
Sometimes we see odd stuff, like malware that employs a technique called "HTML Smuggling". Also, malware on GitHub seems to be a thing these days.


"That's strange..."

Many important discoveries do not start with a shouting of “Eureka” anymore, as they did in the days of old. Instead, the most intriguing bits of modern research will at some point contain the phrase “That’s strange…”, followed by more prodding and poking and – hopefully – a lightbulb moment. This series that we call "Strange Bits" contains many findings that struck our analysts as odd, either because they do not seem to make any sense at the time or because a malicious program exhibits behaviors that none of us have seen before. Maybe these findings will spark ideas in other fellow researchers – maybe those findings are just what it says on the tin: Strange….

DanaBot loader uses HTML smuggling

This email has an unusual way to store contained malware. The email[1] displays Polish text which prompts the user to click on a download link. The translated text says "This file can not be previewed. You can download the file."

The <a> tag for this link has a download attribute with the name of the dropped ZIP archive: dokumentacja_28380.zip[2]. However, the referenced data in the href attribute is not downloaded from a URL but saved as a base64 string using the data URI scheme. This is also called HTML smuggling (thanks to Rich Warren who gave me a hint to the blog post).
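A defender-side check for the pattern described in the quoted post, added here as an example and not taken from the G DATA article: it scans an HTML body for `<a>` tags that carry a `download` attribute together with a `data:` URI in `href`, decodes the embedded payload, and reports its real type from magic bytes rather than the declared media type. The function names, the magic-byte table and the harmless sample archive are constructed for illustration.

```python
import base64, binascii, hashlib, io, zipfile
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

# Constructed, deliberately short table of file signatures worth flagging.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf"}

class SmuggleFinder(HTMLParser):
    """Collect <a download href="data:..."> links and decode their payloads."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        href = (a.get("href") or "").strip()
        if tag != "a" or "download" not in a or not href.lower().startswith("data:"):
            return
        header, sep, data = href[5:].partition(",")
        if not sep:
            return  # malformed data URI, nothing to decode
        try:
            if header.lower().endswith(";base64"):
                raw = base64.b64decode("".join(data.split()), validate=True)
            else:
                raw = unquote_to_bytes(data)  # percent-encoded form
        except (binascii.Error, ValueError):
            return  # not decodable, skip rather than guess
        kind = next((k for m, k in MAGIC.items() if raw.startswith(m)), "unknown")
        self.findings.append({"name": a["download"], "declared": header.split(";")[0],
                              "kind": kind, "size": len(raw),
                              "sha256": hashlib.sha256(raw).hexdigest()})

def scan_html(html):
    """Return one finding per anchor that saves an inline data: URI to disk."""
    finder = SmuggleFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def build_sample():
    """Constructed sample: a harmless ZIP embedded the way the post describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "constructed test content")
    b64 = base64.b64encode(buf.getvalue()).decode()
    return ('<p>This file can not be previewed.</p>'
            f'<a download="sample_0000.zip" href="data:application/octet-stream;base64,{b64}">download</a>'
            '<a href="https://example.com/">ordinary link</a>')
```

Calling `scan_html(build_sample())` yields a single finding for the inline archive; the ordinary `https:` link is ignored because the file content never comes from a URL in this pattern.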