A Chinese nation-state group has been using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems.
Cybersecurity firm Check Point said the activity, dubbed SmugX, has been ongoing since at least December 2022.
The campaign uses new delivery methods (most notably HTML smuggling) to deploy a new variant of PlugX, an implant commonly associated with a wide variety of Chinese threat actors, the company said.
HTML smuggling abuses HTML5 and JavaScript features to assemble the payload on the victim's machine rather than fetch it from a server: the binary travels inside the HTML file itself, typically as an encoded string in script, and when the page is opened the script decodes it into an immutable JavaScript Blob and makes the browser save it to disk through an object URL and the anchor `download` attribute. Because the file is never requested as a separate download, web proxies and network sandboxes that inspect transferred files see only an HTML page.
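As an added illustration (not code from the Check Point or Trustwave reporting), the Python below builds a minimal smuggling page around a constructed, benign ZIP archive so the Blob / object-URL / `download` pattern can be seen in one place, and then runs the kind of triage check an analyst would apply to a suspicious `.html` attachment: flag the smuggling indicators, carve any long base64 literal, decode it, and list the archive members. The member names, the file name and the payload bytes are all made up for the example.

```python
import base64
import hashlib
import io
import re
import zipfile

# Constructed sample: an in-memory ZIP stands in for the archive a smuggling
# page would drop. Member names are invented; the "MZ" blobs are not real PEs.
def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("loader.exe", "helper.dll"):
            zi = zipfile.ZipInfo(name, date_time=(2023, 7, 1, 0, 0, 0))  # fixed timestamp: deterministic bytes
            zi.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(zi, b"MZ" + bytes(range(256)) * 2)
    return buf.getvalue()

# The smuggling pattern itself: payload embedded as base64, decoded client-side,
# wrapped in a Blob and saved via an object URL plus the download attribute.
SMUGGLING_TEMPLATE = """<html><body>
<script>
  // The archive rides inside the page; no second HTTP request is ever made for it.
  var b64 = "{b64}";
  var bin = atob(b64);
  var bytes = new Uint8Array(bin.length);
  for (var i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
  var blob = new Blob([bytes], {{type: "application/octet-stream"}});
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);   // blob: URL exists only inside this tab
  a.download = "{name}";                // HTML5 download attribute picks the file name
  a.click();
</script>
</body></html>"""

def build_smuggling_page(payload: bytes, filename: str) -> str:
    return SMUGGLING_TEMPLATE.format(b64=base64.b64encode(payload).decode(), name=filename)

# Indicators a triage script looks for; any two together with a large
# embedded literal is a strong signal. msSaveOrOpenBlob covers legacy IE/Edge.
INDICATORS = {
    "blob_constructor": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "ms_save_blob": re.compile(r"msSaveOrOpenBlob\s*\("),
    "download_attr": re.compile(r"""\.download\s*=|\bdownload\s*=\s*["']"""),
    "base64_decode": re.compile(r"\batob\s*\("),
}

# A quoted run of at least 200 base64 characters; short literals are ignored.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{200,}={0,2})["']""")

def analyze_html(html: str) -> dict:
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    payloads = []
    for m in B64_LITERAL.finditer(html):
        try:
            data = base64.b64decode(m.group(1), validate=True)
        except ValueError:
            continue  # not valid base64 after all (bad length/padding)
        info = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(), "members": []}
        if data[:2] == b"PK":  # ZIP local file header magic
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    info["members"] = zf.namelist()
            except zipfile.BadZipFile:
                pass
        payloads.append(info)
    return {
        "indicators": hits,
        "payloads": payloads,
        "suspicious": len(hits) >= 2 and bool(payloads),
    }

if __name__ == "__main__":
    page = build_smuggling_page(build_sample_zip(), "Invoice.zip")
    print(analyze_html(page))
```

The decoded payload hash is what you would pivot on in an investigation (attachment sandbox results, EDR file events), since the HTML wrapper can be re-templated per recipient while the smuggled archive stays the same.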
Earlier this February, Trustwave noted that the multi-stage infection process uses DLL side-loading to decrypt and launch the final payload, PlugX.