VERY IMPORTANT

In this blog, researchers at Trustwave cover some notable malware strains that have utilized HTML smuggling in their infection chain and they provide a brief analysis of each malware. The shift in malware delivery methods to using HTML is concerning, as it challenges email gateway scanners, endpoint protection, and security solutions, especially their ability to unpack, decode and detect such techniques. With HTML smuggling, the malware is concealed from the scanners as most AVs will see the HTML attachment only compared to using an ISO file attachment, which will immediately throw red flags