Cybercriminals continuously update their methods to stay ahead of security measures. In their latest technique, threat actors use CSS in emails for malicious purposes. Attackers hide malicious CSS code in their messages, which lets them evade spam filters and track users without being noticed. The method stealthily alters email content, which seems safe until the hidden objectives emerge.
CSS, a tool for styling the appearance of email, has become an instrument that cybercriminals can use undetected. Attackers evade spam warnings by embedding tracking elements directly in the design-related parts of the email code. They are now inserting CSS-based tracking elements into their scams, which let them monitor when an email is opened, how long it is viewed, and how the recipient engages with it.
According to Talos’ most recent investigation, threat actors use CSS properties such as text-indent and opacity to hide irrelevant content so that it does not appear in the email body. In certain situations, the ultimate purpose of these campaigns is to drive the email recipient to a phishing page.
Spam filters block spam by processing the email's structure, analyzing content patterns, and inspecting all attached links. Because attackers make malicious CSS appear legitimate to detection systems, it becomes difficult to distinguish safe code from malicious code. Delivering harmful code through CSS relies on attributes such as background images and hidden pixels that point to external servers. When the email is opened, the device sends a request to fetch the style resource; that request reaches the attacker’s server, which obtains device information and location data about the user.
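A filter or triage script can look for these properties directly. The following is an added example, not code from Talos or from this article: it scans an HTML message body for text-indent and opacity values that hide content and for CSS url() references to external servers. The thresholds, rule names, and sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Thresholds below are assumptions for this example, not values from the Talos report.
HIDE_RULES = [
    # A large negative text-indent pushes text out of the visible area.
    ("text-indent", re.compile(r"text-indent\s*:\s*-\s*(\d+)", re.I),
     lambda m: int(m.group(1)) >= 100),
    # An opacity of exactly 0 renders the element fully transparent.
    ("opacity", re.compile(r"(?<![-\w])opacity\s*:\s*(\d*\.?\d+)", re.I),
     lambda m: float(m.group(1)) == 0.0),
]
# An absolute url() can make the mail client contact a remote server on render.
REMOTE_URL = re.compile(r"url\(\s*['\"]?(https?://[^'\")\s]+)", re.I)

class CssAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False

    def _scan(self, css, where):
        for name, rx, is_hit in HIDE_RULES:
            self.findings += [(name, where, m.group(0))
                              for m in rx.finditer(css) if is_hit(m)]
        self.findings += [("remote-url", where, m.group(1))
                          for m in REMOTE_URL.finditer(css)]

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"  # <style> bodies arrive via handle_data
        self._scan(dict(attrs).get("style") or "", f"<{tag}>")

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self._scan(data, "<style>")

def audit(html):
    auditor = CssAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings  # list of (rule, location, evidence)

# Constructed sample message body, not taken from a real campaign.
SAMPLE = """<html><head><style>.pre { opacity: 0; }
.hdr { background-image: url('https://tracker.example/o.png?id=42'); }</style></head>
<body><div style="text-indent: -9999px">unrelated filler text</div>
<p style="text-indent: 2em; opacity: 0.9">Please review your invoice.</p></body></html>"""
```

Calling audit(SAMPLE) flags the transparent rule, the remote image reference, and the off-screen div, while the ordinary paragraph styling produces no finding.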
CSS techniques built for this purpose let a user's actions trigger dynamic content modifications. Through CSS rules, the attacker can make the email show a different message or layout once the recipient finally opens it, increasing the chance of user interaction. The method is even more effective at slipping past security measures that check only the mail’s original version.
The growing use of malicious CSS continues the contest between security defenses and advances in cyber-attack development. As cybercriminals adapt everyday technologies into new threats, security experts must continuously evolve their defense methods. Preventing deceptive attacks requires staying properly informed and being proactive about them.