Many phishing attacks still involve HTML attachments

Many threat actors continued to leverage HTML file attachments in phishing attacks during the first four months of 2022, reports BleepingComputer. Phishing emails with malicious HTML attachments totaled 2 million between January and April, peaking in March with more than 851,000 detections, according to a report from Kaspersky, which noted that the decline to nearly 387,000 detections in April was only temporary. Attackers have commonly leveraged JavaScript in HTML attachments, or HTML smuggling, to facilitate malicious URL and behavior concealment, while scripts are even obfuscated to further evade detection, said researchers. The report also showed that encoding approaches with "unescape()" and other deprecated functions are also being utilized by malicious actors. While phishing emails with malicious attachments were first observed to increase in prominence three years ago, its continued prevalence should prompt increased vigilance among users as opening the files could prompt automatic malware creation on the disk while evading security software detection, researchers added.