Threat Management

Novel Blank Image phishing technique detailed

BleepingComputer reports that threat actors have been employing the new Blank Image phishing technique that involves the obfuscation of blank SVG files within DocuSign document-impersonating HTML attachments. Such a technique could be leveraged to enable the bypass of redirect URL detections, according to a report from Avanan. Phishing emails purporting to be from DocuSign are being delivered to victims, who are then lured into signing the 'Scanned Remittance Advice.htm' document, which contains an SVG image with a JavaScript code redirecting recipients to a malicious URL. While the SVG image is empty, Avanan researchers observed in-background execution of the URL redirect code. "This is an innovative way to obfuscate the true intent of the message. It bypasses VirusTotal and doesnt even get scanned by traditional Click-Time Protection. By layering obfuscation upon obfuscation, most security services are helpless against these attacks," said Avanan. System administrators have been urged to block emails with HTML code and .HTM attachments as a precaution.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.