Hackers Use Archive Files and HTML Smuggling to Bypass Detection Tools
HP Wolf Security has released its latest Threat Insights Report, covering events from Q3 2022. According to the report, attackers are increasingly encrypting malware inside archive files before releasing it in the wild for use in cyberattacks. The report states that 44% of malware was delivered through archives in Q3 2022, an 11% increase over the previous quarter, and well above the 32% of malware delivered through Office files.
The report, published on Thursday, confirmed that the team identified several campaigns over the past several months that combined archive files with HTML smuggling techniques: malicious archive files are embedded inside HTML files, so the payload evades detection while the attack is launched. Although this technique had been identified before, its usage increased in Q3. The report cites QakBot and IcedID campaigns that relied on it, using HTML files to direct users to fraudulent online document viewers. Victims of these campaigns were prompted to open a ZIP file in a viewer disguised as Adobe’s, which deployed malware onto their devices.
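A defender-side check for the technique described above, added here as an example and not taken from the report or the article: it scans an HTML file for long base64 runs that decode to a known archive signature, and notes the JavaScript idioms such pages use to hand the decoded bytes to the browser as a download. The sample page and the zipped text file inside it are constructed inline; the hint list and size threshold are assumptions for illustration.

```python
import base64
import io
import re
import zipfile

# Well-known magic bytes of archive formats seen smuggled inside HTML.
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
    b"\x1f\x8b": "gzip",
}
# Threshold is an assumption: a smuggled archive is far longer than 200 base64 chars.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")
# JavaScript idioms that turn a decoded blob into a file download on the client.
DROP_HINTS = (b"atob(", b"new Blob(", b"createObjectURL(", b"download")

def find_smuggled_archives(html: bytes) -> list[dict]:
    """Return one finding per base64 run in `html` that decodes to a known archive."""
    findings = []
    for m in B64_RUN.finditer(html):
        try:
            data = base64.b64decode(m.group(0), validate=True)
        except ValueError:
            continue  # not valid base64, e.g. a long hash or minified identifier
        for magic, kind in ARCHIVE_MAGIC.items():
            if data.startswith(magic):
                hints = [h.decode() for h in DROP_HINTS if h in html]
                findings.append({"offset": m.start(), "type": kind,
                                 "size": len(data), "drop_hints": hints})
                break
    return findings

def build_sample_page() -> bytes:
    """Constructed test input: a harmless text file, zipped, base64-encoded and embedded
    the way a smuggling page embeds its payload (no real malware involved)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample, not malware\n" * 20)
    b64 = base64.b64encode(buf.getvalue())
    return (b"<html><body><p>Loading document viewer...</p><script>\n"
            b"var data = atob('" + b64 + b"');\n"
            b"var blob = new Blob([data]);\n"
            b"var a = document.createElement('a');\n"
            b"a.href = URL.createObjectURL(blob); a.download = 'document.zip';\n"
            b"</script></body></html>")

if __name__ == "__main__":
    for f in find_smuggled_archives(build_sample_page()):
        print(f"{f['type']} archive, {f['size']} bytes, at offset {f['offset']}; hints: {f['drop_hints']}")
```

In practice the same scan runs over mail attachments and web proxy captures, and a hit on any archive signature plus one or more drop hints is a strong candidate for quarantine and analyst review.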