Netskope reports on an Azorult infostealer campaign in the wild that delivers its initial payload through HTML smuggling. The campaign uses reflective code loading (T1620) to execute the fileless Azorult malware and an Antimalware Scan Interface (AMSI) bypass technique (T1562.001) to avoid detection. Netskope provides the infection chain, the infostealer's features and IOCs. 🔗 https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

#Azorult #threatintel #HTMLsmuggling #IOC #infostealer

From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites
