
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions.
According to new findings from Cisco Talos, such malicious activities can undermine the security and privacy of victims.
“The features available in CSS allow attackers and spammers to track user actions and preferences, but some features related to dynamic content (e.g., JavaScript) are restricted in email clients compared to web browsers,” Talos researcher Omid Mirzaei said in a report published last week.
The findings build on previous findings from cybersecurity companies about a surge in late 2024 in email threats that use hidden text salting to circumvent email spam filters and security gateways.
The technique uses legitimate features of Hypertext Markup Language (HTML) and CSS to include comments and irrelevant content that are not visible to the victim when the message is rendered in an email client, but that can trip up parsers and detection engines.

A recent analysis by Talos found that threat actors use CSS properties such as text-indent and opacity to conceal irrelevant content so that it is not visible in the rendered email. The ultimate goal of these campaigns is, in some cases, to redirect email recipients to a phishing page.

Additionally, it has been found that CSS gives threat actors an opportunity to monitor user behavior through spam emails by embedding CSS properties such as the @media at-rule, opening the door to potential fingerprinting attacks.
“This abuse ranges from identifying recipients’ font and color scheme preferences and client languages to tracking actions (e.g., displaying and printing emails),” explained Mirzaei.
“CSS offers a wide range of rules and properties that can threaten spammer and threat actor fingerprint users, webmail or email clients, and systems. For example, media at-rules can detect certain attributes of a user’s environment, such as screen size, resolution, and color depth.”
To mitigate the risk posed by such threats, we recommend implementing advanced filtering mechanisms to detect hidden text salting and content concealment, and using an email privacy proxy.
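A filter of the kind recommended above could start from a check like the following, which is an added example and not code from Talos or the original article. It flags text concealed with opacity or text-indent, and @media rules that load a remote resource only when the query matches. The threshold, the function and class names, and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

INDENT_LIMIT = 500  # assumed threshold: an indent this large pushes text off-screen
VOID = {"br", "img", "hr", "meta", "link", "input", "col", "area", "base", "wbr"}
MEDIA = re.compile(r"@media\s+([^{]+)\{((?:[^{}]*\{[^{}]*\})*)", re.I)

def is_concealing(style):
    """True if an inline style hides its element via opacity or text-indent."""
    props = {k.strip().lower(): v.replace("!important", "").strip().lower()
             for k, _, v in (d.partition(":") for d in style.split(";"))}
    zero = re.fullmatch(r"0*\.?0+%?", props.get("opacity", ""))
    m = re.match(r"-?\d+(?:\.\d+)?", props.get("text-indent", ""))
    return bool(zero) or (bool(m) and abs(float(m.group())) >= INDENT_LIMIT)

class SaltScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.hidden_text, self.css = [], [], []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:  # void elements never get an end tag
            self.stack.append((tag, is_concealing(dict(attrs).get("style") or "")))
    def handle_endtag(self, tag):
        while any(t == tag for t, _ in self.stack) and self.stack.pop()[0] != tag:
            pass  # discard unclosed children of the element being closed
    def handle_data(self, data):
        if self.stack and self.stack[-1][0] == "style":
            self.css.append(data)  # keep <style> text for the @media check
        elif data.strip() and any(hidden for _, hidden in self.stack):
            self.hidden_text.append(data.strip())

def scan_email_html(html):
    """Return concealed text runs and @media queries that gate a remote fetch."""
    scanner = SaltScanner()
    scanner.feed(html)
    scanner.close()
    gated = [q.strip() for q, body in MEDIA.findall("".join(scanner.css))
             if re.search(r"url\(\s*['\"]?https?:", body, re.I)]
    return {"hidden_text": scanner.hidden_text, "media_remote_fetch": gated}

# Constructed sample body (not from the Talos report); tracker.example is a placeholder.
SAMPLE = """<style>
@media (max-width: 600px) { .col { width: 100% } }
@media print { #t { background-image: url("https://tracker.example/p?id=1") } }
</style><p>Your invoice is ready.</p>
<div style="text-indent: -9999px">quarterly weather garden recipe</div>
<span style="color:#333; opacity: 0">lorem filler words</span>"""
if __name__ == "__main__":
    print(scan_email_html(SAMPLE))
```

The ordinary responsive rule in the sample is not reported, because only @media blocks that contain a remote url() are treated as a tracking signal.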