• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Phishers Use Blank Images to Disguise Malicious Attachments

You are here: Home / General Cyber Security News / Phishers Use Blank Images to Disguise Malicious Attachments
January 20, 2023

Security researchers have noticed another ground breaking strategy phishing actors are applying to bypass traditional security filters – this time working with blank photos.

The email in concern was detected by Check Issue business Avanan, and arrived as a legitimate-searching DocuSign concept.

Despite the fact that the connection in the email entire body will get the person instantly to a regular DocuSign web site, the HTML attachment at the base was more suspect.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The HTML file in query contained an SVG impression encoded with Foundation64.

“At the main, this is an vacant picture with energetic information inside of. In truth, there is JavaScript inside of the image. This redirects automatically to the destructive URL,” reported Avanan.

“Essentially, the hackers are hiding the malicious URL inside an empty graphic to bypass classic scanning companies.”

Clicking on the hyperlink would automatically take the consumer to a destructive web-site.

“This is an innovative way to obfuscate the genuine intent of the concept,” the security vendor concluded.

“It bypasses VirusTotal and does not even get scanned by regular Click on-Time Defense. By layering obfuscation upon obfuscation, most security providers are helpless against these attacks.”

It can be observed as a variation on a preceding “MetaMorph” attack noticed by Avanan quite a few decades ago, in which phishing actors use “meta refresh” to redirect the user from the HTML attachment hosted domestically to a phishing page on the community internet. A meta refresh is performance that instructs a web browser to automatically refresh the recent web web site after a supplied time interval.

To mitigate the menace, security admins are urged to be suspicious of, or outright block, HTML or .htm attachments in any inbound e-mails – dealing with them successfully like executables.


Some pieces of this short article are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News API Attacker Steals Data on 37 Million T-Mobile Customers
Next Post: “Workarounds” Helped Royal Mail Resume Shipping After Ransomware Attack Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.