Once believed to be bereft of the security risks inherent in plugins like Adobe Flash, HTML5 attributes enable malware attacks, and The Media Trust is reporting that it has discovered numerous malware incidents in the hypertext markup language.
In a blog posted today, The Media Trust wrote, “The malware, which has produced at least 21 separate incidents affecting dozens of globally recognized digital media publishers and at least 15 ad networks, uses JavaScript commands in order to hide within HTML5 creative and avoid detection. The scale of the infection marks a turning point for HTML5’s presumed security and demonstrates the advances malware developers have made in exploiting the open standards’ basic functionality to launch their attack.”
Introduced as code that enabled an improved user experience when playing multimedia content on computers and mobile devices, HTML5 has served as a viable and more secure alternative to the Flash plugin. In 2015, when Flash was identified as the source of the greatest security risk facing companies and individuals, security was cited as the chief reason for HTML5 adoption.
“In fact, over the past five years, developers, along with publishers and browser providers, have staged a mass exodus from Flash technology into HTML5, which seemed to promise greater security and more advanced web app features,” The Media Trust wrote.
However, the malware team at the Media Trust has discovered that the very attributes that allow HTML5 to deliver the content of popular formats without external plugins are also being used to cloak malware. By breaking it into smaller parts, the malware is harder to detect, but when certain conditions are met, those broken parts are pieced back together.
While researchers have discovered HTML5 malware before, these instances are different because they require no victim interaction and are targeting devices that have trouble detecting malware.
“The HTML5 malware was designed to entice victims to enter their information in response to a pop-up ad. This campaign is quickly spreading through the online world, waiting for individuals with the right devices to trigger the collection of personally identifiable information,” The Media Trust wrote. In addition, no antivirus solutions have been able to stop any previous versions of HTML5 malware.