A spam E-mail operation, which abused a technique named “HTML smuggling” to circumvent E-mail security measures and transmit malware on users’ devices, was identified by Microsoft’s security team.

HTML smuggling is a method used to overcome security systems by malicious HTML generation behind the firewall – in the browser at the targeted endpoint evading all in place network security solutions

Typically network security solutions work by analyzing the ‘wire’ or information flows from the network to search for identified malware signatures and trends within the byte stream. The destructive payloads are built on the target device in the browser through the use of HTML smuggling so that no items are passed to the network’s security systems for detection.

The underlying concept behind an HTML email-based counterfeits is to include a link to an email document, which does not look harmful if it is scanned, or to a file type that email security programs, like EXE, DOC, MSI, and others, deem to be harmful.

Furthermore, it does employ certain HTML elements, such as “href” and “download,” as well as JavaScript code, while accessing the URL for an assembled harmful file within the browser.

Microsoft stated it tracked an e-mail spam campaign that lasted weeks abusing HTML smuggling to put a destructive ZIP file on machines.

Files in the ZIP file, unfortunately, infect the users with the banking trojan Casbaneiro, traditional Latin American bank Trojan that focuses on Brazilian and Mexican banks and cryptocurrency services. It leverages the method of social engineering, which displays false pop-up windows. These pop-ups attempt to entice potential victims to provide critical information; this information is stolen if it succeeds.

Though announced that Microsoft Defender for Office 365 might recognize HTML-contracted files, OS maker raises a warning for customers who are not their clients or those who are unaware of the technology or do not have email security devices that scan incoming emails.