Threat Library

HTML.Downloader.SmugX

Last updated: May 14th, 2023

HTML smuggling is a technique in which attackers hide malicious payloads inside HTML documents. Because the malicious files are embedded within the HTML document itself, they can evade network-based detection measures. Opening those malicious HTML documents results in the following chain of events:

  1. Adversaries may smuggle data and files past content filters by hiding malicious payloads inside of seemingly benign HTML files.
  2. Adversaries may deliver payloads to victims that bypass security controls through HTML smuggling by abusing JavaScript Blobs and/or HTML5 download attributes.
  3. Data may also be stored in Data URLs, which enable embedding media type or MIME files inline in HTML documents. HTML5 also introduced a download attribute that may be used to initiate file downloads.
  4. Malicious files or data can be obfuscated and hidden inside of HTML files through Data URLs and/or JavaScript Blobs and can be deobfuscated when they reach the victims.
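
A static triage check for the building blocks listed above, as an added example (not part of the original entry and not the vendor's detection logic). The indicator names, the magic-byte table and the sample documents are constructed for illustration.

```python
import base64
import re

# Building blocks of HTML smuggling named in the entry above.
INDICATORS = {
    "js_blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "base64_decode": re.compile(r"\batob\s*\("),
    "data_url_binary": re.compile(r"data:application/[\w.+-]+;base64,", re.I),
    "download_attr": re.compile(
        r"<a\b[^>]*\sdownload\b|\.download\s*=|setAttribute\(\s*['\"]download['\"]", re.I),
}
# Base64 literals handed to atob() or carried in a data: URL.
B64_LITERAL = re.compile(
    r"(?:atob\(\s*['\"]|data:[\w/.+-]+;base64,)([A-Za-z0-9+/]{8,})", re.I)
# Leading bytes of a few file types of interest (short, non-exhaustive list).
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf", b"\xd0\xcf\x11\xe0": "ole2"}

def payload_types(html):
    """Decode the first bytes of each embedded base64 literal and name known file types."""
    found = set()
    for match in B64_LITERAL.finditer(html):
        head = base64.b64decode(match.group(1)[:8])  # 8 base64 chars -> 6 bytes
        found.update(name for magic, name in MAGIC.items() if head.startswith(magic))
    return sorted(found)

def scan_html(html):
    """Flag documents that both carry an embedded file and trigger a download."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(html))
    carries_file = "js_blob" in hits or "data_url_binary" in hits
    return {"indicators": hits, "payload_types": payload_types(html),
            "suspicious": carries_file and "download_attr" in hits}

# Constructed samples; the base64 strings decode to "hello world" and the
# first bytes of a ZIP header.
SAMPLE_BLOB = """<script>
var blob = new Blob([atob("aGVsbG8gd29ybGQ=")], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob); a.download = "invoice.zip"; a.click();
</script>"""
SAMPLE_DATA_URL = ('<a href="data:application/zip;base64,UEsDBAoAAAAAAA==" '
                   'download="report.zip">Report</a>')
SAMPLE_BENIGN = ('<a href="/files/report.pdf">Report</a>'
                 '<img src="data:image/png;base64,iVBORw0KGgo=">')

if __name__ == "__main__":
    for name in ("SAMPLE_BLOB", "SAMPLE_DATA_URL", "SAMPLE_BENIGN"):
        print(name, scan_html(globals()[name]))
```

Legitimate web applications also build downloads from Blobs, so a hit is a triage signal to combine with sender, file type and reputation data rather than a verdict on its own.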

Engine: File Reputation
Product: ZIA, ZPA + ZIA
Reference: Blog Post
Detection Details:
  Connection: Inbound
  Category: MALWARE
  Severity: Medium
  Score: 72