Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions.
That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy.
“The features available in CSS allow attackers and spammers to track users’ actions and preferences, even though several features related to dynamic content (e.g., JavaScript) are restricted in email clients compared to web browsers,” Talos researcher Omid Mirzaei said in a report published last week.
The insights build on earlier findings from the cybersecurity company about a spike in email threats leveraging hidden text salting in the second half of 2024, with the aim of getting around email spam filters and security gateways.
This technique notably involves using legitimate features of the Hypertext Markup Language (HTML) and CSS to include comments and irrelevant content that are invisible to the victim when rendered in an email client but can trip up parsers and detection engines.
The latest analysis from Talos has found that threat actors are using CSS properties like text-indent and opacity to keep irrelevant content from being displayed in the email body. The end goal of these campaigns, in some cases, is to redirect the email recipient to a phishing page.
Furthermore, it has emerged that CSS gives threat actors opportunities to monitor user behavior through spam emails by embedding CSS features such as the @media at-rule, thus opening the door to potential fingerprinting attacks.
“This abuse can range from identifying recipients’ font and color scheme preferences and client language to even tracking their actions (e.g., viewing or printing emails),” Mirzaei explained.
“CSS provides a wide range of rules and properties that can help spammers and threat actors fingerprint users, their webmail or email client, and their system. For example, the media at-rule can detect certain attributes of a user’s environment, including screen size, resolution, and color depth.”
To mitigate the risk posed by such threats, it's recommended to implement advanced filtering mechanisms to detect hidden text salting and content concealment, as well as use email privacy proxies.
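As an added illustration of such a filtering check (not code from Talos or the original article), the Python sketch below scans an HTML email body for inline styles that conceal text via text-indent or opacity and for @media rules that load a remote url(). The thresholds, the finding labels, the names CssAbuseScanner and scan, and the sample message are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

def _num(value):
    m = re.match(r"\s*(-?\d*\.?\d+)", value)
    return float(m.group(1)) if m else None

# Heuristic thresholds: assumptions of this example, not values from the Talos report.
HIDE_RULES = {
    "opacity": lambda v: _num(v) is not None and _num(v) <= 0.05,
    "text-indent": lambda v: _num(v) is not None and _num(v) <= -500,
}
# An @media block followed by url(): the rule fetches a remote resource when it matches.
MEDIA_URL = re.compile(r"@media\b[^{]*\{[^@]*?url\(", re.I)

class CssAbuseScanner(HTMLParser):
    """Flags concealed inline-styled elements and @media rules that load url()."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style, self._css = [], False, []

    def handle_starttag(self, tag, attrs):
        self._in_style = self._in_style or tag == "style"
        for decl in (dict(attrs).get("style") or "").split(";"):
            prop, _, val = decl.partition(":")
            check = HIDE_RULES.get(prop.strip().lower())
            if check and check(val):
                self.findings.append(("hidden-text", tag, decl.strip()))

    def handle_data(self, data):
        if self._in_style:
            self._css.append(data)

    def handle_endtag(self, tag):
        if tag == "style":
            if MEDIA_URL.search("".join(self._css)):
                self.findings.append(("media-beacon", tag, "@media rule loads url()"))
            self._in_style, self._css = False, []

def scan(html):
    scanner = CssAbuseScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample body; example.invalid is a placeholder host.
SAMPLE = ("<style>@media print { #t { background-image: url(https://example.invalid/p.gif) } }</style>"
          "<p>Your invoice is ready.</p>"
          '<div style="text-indent: -9999px; opacity: 0">unrelated filler words</div>')
```

Calling scan(SAMPLE) returns one media-beacon finding and two hidden-text findings; ordinary responsive @media rules without url() and visible elements produce none.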