A new attack campaign uses a combination of HTML smuggling techniques and data blobs to evade detection and download malware. The campaign exploits the JavaScript blob method which generates the malicious file in the web browser, thus avoiding detection by sandboxes and proxies. Researchers expect these evasive tactics to be incorporated in future attacks as well. Menlo Security: “We believe such techniques will be incorporated into the attackers arsenal and used to deliver the payload to the endpoint without network solutions blocking it
Source: security