- Cisco Talos says that hackers abuse CSS in emails
- The style of style leaf is used to mask content, follow people’s behavior, and more
- Researchers suggest that IT teams adopt advanced filtering techniques
Cybercriminals use the CSS in emails to follow their victims, learn more about them and redirect them to pages of phishing, the experts warned.
Cisco Talos cybersecurity researchers described how CSS (cascade style sheets) are used in emails to control the design, layout and formatting of email content. Companies use it not only to improve emails, but also to keep the coherent layout between different messaging customers. There is nothing intrinsically malicious about CSS but, as is the case with many other legitimate tools, it is abused in the attacks.
“The features available in CSS allow attackers and spammers to follow user actions and preferences, even if several features related to dynamic content (for example, JavaScript) are restricted in messaging customers compared to web browsers,” said a Cisco Talos researcher.
Advanced filtering techniques
Thanks to CSS, cybercriminals can hide the content at sight, bypassing email safety solutions. They can also use it to redirect people to pages of phishing, it was said. The tool can be used to monitor the behavior of the user which, in turn, can cause spear or fingerprint attacks.
“These abuses can range from the identification of the preferences of the police and the colors of the recipients and the customer language to even follow their actions (for example, consult or print emails),” they said. “CSS provides a wide range of rules and properties that can help spammers and threaten fingerprint users, their webmail or its messaging client, and their system. For example, the At-Rule media can detect certain user’s environmental attributes, including screen size, resolution and depth of colors.”
Cisco Talos said that the new campaign was based on a “” Salant “hidden text that they discovered in late January 2025.
To fight against this threat, the researchers suggested that IT teams adopt advanced filtering techniques that scan the structure of HTML emails, rather than their content. One e-mail safety solution could therefore look for extreme use of online styles or CSS properties such as “visibility: hidden”. The deployment of defenses fueled by AI is also recommended.
Via The Hacker News
