"Attackers Peddle Malware via Blank Email Images"

Researchers at Avanan report that attackers have found a means to circumvent antivirus services such as VirusTotal by embedding malware in "blank images" in emails. According to the researchers, hackers can use this method to target nearly anyone. As with most attacks, the objective is to obtain something from the end user, such as credentials or money. Similar to the majority of phishing attacks, the threat actors hit victims through email. The campaign presents potential victims with a fraudulent document appearing to come from the electronic agreements management service DocuSign. Recipients are asked to review and sign the document. The link leads to an official DocuSign page. The true threat lies in the HTM attachment sent along with the DocuSign link. According to the researchers, the attachment includes an SVG image encoded using Base64, a binary-to-text encoding scheme. Even though the image is blank, the file contains active content, a JavaScript that redirects to the malicious URL. This article continues to discuss the method being used by attackers to evade antivirus services like VirusTotal.  

Cybernews reports "Attackers Peddle Malware via Blank Email Images"