Malicious actors are using Cascading Style Sheets (CSS), which are used to style and format web pages, to evade spam filters and monitor users’ actions.
According to recent findings from Cisco Talos, such malicious behavior can compromise a victim’s privacy and security.
Even though several features related to dynamic content (such as JavaScript) are restricted in email clients compared to web browsers, “the features available in CSS allow attackers and spammers to track users’ actions and preferences,” Talos researcher Omid Mirzaei said in a report released last week.
The findings build on earlier research from the security firm on the rise in email threats leveraging hidden text salting in the second quarter of 2024 in an effort to circumvent email spam filters and security gateways.
A key component of this approach is the use of legitimate features of the Hypertext Markup Language (HTML) and CSS to include comments and irrelevant content that are invisible to the victim when rendered in an email client but can derail parsers and detection engines.
According to the most recent analysis from Talos, threat actors are using CSS features like transparency to keep irrelevant content from appearing in emails. Sometimes the end goal of these activities is to redirect the email recipient to a spoofing website.
Additionally, it has been discovered that CSS gives threat actors opportunities to monitor user behavior via phishing emails by embedding CSS properties like the CSS at-rule, opening the door to possible fingerprinting attacks.
“This abuse can range from identifying recipients’ preferences for font and color schemes and client languages,” Mirzaei explained. It can also include tracking their actions (such as viewing or printing emails).
“CSS provides a wide range of rules and parameters that can assist spammers and threat actors in fingerprinting users’ webmail clients and systems. For instance, the media at-rule may identify specific characteristics of a person’s environment, such as screen resolution and color depth.”
To reduce the risk posed by these threats, it’s advised to apply sophisticated filtering techniques that detect hidden text salting and content concealment, as well as to use email privacy proxies.
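
One way to approach the filtering advice above, as an added example that is not from Talos or the original article: a Python scanner that separates the text a recipient would see from text concealed with inline CSS, and also reports HTML comments and media at-rules. Apart from transparency, the CSS properties checked and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns treated as concealment. The article names transparency;
# the other properties checked here are assumptions added for this example.
HIDING = re.compile(
    r"opacity\s*:\s*0(\.0+)?\s*(;|$)|display\s*:\s*none|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(px|pt|em)?\s*(;|$)", re.I)
MEDIA_RULE = re.compile(r"@media\b[^{]*", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr"}

class SaltScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        # One flag per open element: is it inside a hidden subtree?
        # Assumes well-nested markup; unclosed tags would skew the stack.
        self.stack = []
        self.in_style = False
        self.visible, self.hidden, self.comments, self.media = [], [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack) and self.stack[-1]
        self.stack.append(inherited or bool(HIDING.search(style)))
        self.in_style = tag == "style"

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
        self.in_style = False

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_data(self, data):
        if self.in_style:      # collect @media preludes from <style> blocks
            self.media += [m.group(0).strip() for m in MEDIA_RULE.finditer(data)]
        elif data.strip():
            concealed = bool(self.stack) and self.stack[-1]
            (self.hidden if concealed else self.visible).append(data.strip())

def scan(html):
    s = SaltScanner()
    s.feed(html)
    s.close()
    return {"visible": " ".join(s.visible), "hidden": " ".join(s.hidden),
            "comments": s.comments, "media_rules": s.media}

# Constructed sample message body, not taken from the Talos report.
SAMPLE = """<html><head><style>@media (min-width: 800px) { p { color: #333 } }
</style></head><body><p>Your invoice <span style="opacity:0">quarterly picnic
</span> is ready.</p><!-- unrelated filler --><div style="display:none">
<b>weather report</b></div><p>Sign in to view it.</p></body></html>"""
```

A filter can score the message on the `visible` text alone and treat a large `hidden` share, filler comments, or media at-rules in an email as signals for further review.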