In the Blank Image Attack, hackers place blank images inside HTML attachments.

When opening the attachment, the user is automatically redirected to a malicious URL.

  • Vector: Email
  • Type: Malware
  • Techniques: Social Engineering, Blank Image, HTML Redirect
  • Target: Any end-user

“The hackers are hiding the malicious URL inside an empty image to bypass traditional scanning services”, Avanan.

The JavaScript embedded in the SVG image is executed when the image is displayed by an HTML document using an <embed> or <iframe> tag.

Researchers say the SVG is blank in this DocuSign-themed campaign. Although the victim doesn’t see anything on their screen, the URL redirect code is still active.

“This is an innovative way to obfuscate the true intent of the message. It bypasses VirusTotal and doesn’t even get scanned by traditional Click-Time Protection,” the researchers say.

“By layering obfuscation upon obfuscation, most security services are helpless against these attacks.”

Therefore, any email with an HTML or .htm attachment should be avoided. Administrators ought to think about blocking HTML attachments and handling them similarly to executables (.exe, .cab).
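One way to act on that advice at the mail gateway, as an added example that is not taken from the Avanan or GBHackers write-ups: a Python check that flags HTML attachments whose <embed>, <iframe> or <object> tags carry an inline SVG containing script. It assumes the SVG is inlined as a data: URI; the function names and the sample message are constructed for illustration.

```python
import base64
import re
from email import message_from_string
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import unquote

ACTIVE = re.compile(r"<script\b|\son\w+\s*=|javascript:", re.I)  # scripts, handlers, JS URLs

class EmbedFinder(HTMLParser):
    """Collect src/data values of <embed>, <iframe> and <object> tags."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        if tag in ("embed", "iframe", "object"):
            self.sources += [v for k, v in attrs if k in ("src", "data") and v]

def svg_from_data_uri(uri):
    """Decode a data:image/svg+xml URI (base64 or URL-encoded); None if not one."""
    m = re.match(r"data:image/svg\+xml([^,]*),(.*)", uri.strip(), re.I | re.S)
    if not m:
        return None
    if "base64" not in m.group(1).lower():
        return unquote(m.group(2))
    b64 = "".join(m.group(2).split())
    try:
        return base64.b64decode(b64 + "=" * (-len(b64) % 4)).decode("utf-8", "replace")
    except ValueError:  # malformed base64: nothing to inspect
        return None

def scan_message(raw_email):
    """Yield filenames of HTML attachments that embed an SVG carrying active content."""
    for part in message_from_string(raw_email).walk():
        name, body = part.get_filename() or "", part.get_payload(decode=True)
        if body is None or not (part.get_content_type() == "text/html"
                                or name.lower().endswith((".htm", ".html"))):
            continue
        finder = EmbedFinder()
        finder.feed(body.decode("utf-8", "replace"))
        if any(s and ACTIVE.search(s) for s in map(svg_from_data_uri, finder.sources)):
            yield name or "(inline html)"

def build_sample(svg):
    """Constructed test message: an .htm attachment embedding `svg` as a base64 data URI."""
    uri = "data:image/svg+xml;base64," + base64.b64encode(svg.encode()).decode()
    msg = EmailMessage()
    msg.set_content("Please review the attached document.")
    msg.add_attachment(f'<embed src="{uri}">', subtype="html", filename="document.htm")
    return msg.as_string()
```

A truly empty SVG passes this check; only an SVG that carries a script element, an event-handler attribute or a `javascript:` URL is flagged, so a blank-looking image with active content stands out.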

Learn more about these malware attack methods at the Avanan blog by Jeremy Fuchs and the GBHackers blog by Guru Baran.