Malicious actors are utilizing Cascading Style Sheets ( CSS), which are used to style and format web pages, to evade spam filters and monitor users ‘ actions.
According to recent findings from Cisco Talos, for nefarious activities may compromise a victim’s privacy and security.
Even though several dynamic content features ( such as JavaScript ) are restricted in email clients as opposed to web browsers, Talos researcher Omid Mirzaei stated in a report released last week that” the features available in CSS allow attackers and spammers to track users ‘ actions and preferences.
The insights are based on earlier studies from the security firm regarding a rise in email threats leveraging hidden word drying in the second quarter of 2024 in an effort to get around email spam filters and safety gateways.
Use legitimate features of the Hypertext Markup Language ( HTML) and CSS to include comments and irrelevant content that are invisible to the victim when rendered in an email client but can obstruct parsers and detection engines is a particular example of this technique.
Concern actors are using CSS features like and opaque to prevent useless articles from appearing in emails, according to the most recent analysis from Talos. Sometimes these activities have the end goal of redirecting the email recipient to a spoofing website.
Additionally, it has been discovered that CSS provides opportunities for threat players to monitor customer behaviour via phishing emails by embedding CSS properties like the CSS at-rule, opening the door to possible fingerprinting attacks.
” This abuse can range from identifying recipients ‘ preferences for font and color schemes and client languages to tracking their actions ( e .g., viewing or printing emails ),” Mirzaei explained.
” CSS offers a wide range of rules and parameters that can assist marketers and threat actors in fingerprinting people, their webmail or internet client, and their system. For instance, the media at-rule may identify a user’s environment’s specific characteristics, such as screen size, quality, and color depth.
It’s advised to use internet privacy proxies as well as innovative filtering techniques to detect hidden text drying and content concealment in order to reduce the risk posed by these threats.