HTML Phishing Attachments Use "Comment Stuffing" to Evade AI Detection
Attackers are embedding large, obfuscated HTML files within phishing emails, using a "comment stuffing" technique to bypass AI-driven security filters.

Phishing campaigns are increasingly employing sophisticated techniques to circumvent modern security defenses, with a recent discovery highlighting the use of "comment stuffing" within HTML attachments to evade AI-based detection. This method involves embedding a large amount of seemingly innocuous data, such as repetitive characters within HTML comments, to inflate file sizes and obscure malicious content.
The phishing emails themselves exhibit several characteristics indicative of custom-built tooling rather than standard email clients. Notably, they often feature empty or forged sender information, lack crucial email authentication headers like DKIM and DMARC, and present an "empty" or "None" date field. These anomalies suggest that the emails are generated by scripts designed to bypass initial security checks, rather than being sent through legitimate mail servers.
One such email, disguised as a Microsoft Teams notification about a shared SharePoint document, contained an HTML attachment with a surprisingly large file size. Upon closer inspection, the attachment was found to be heavily obfuscated using JavaScript's unescape() function, which decodes a string of \uXXXX escape sequences. This initial layer of obfuscation was designed to hide the true nature and size of the payload.
After decoding, the HTML file revealed that the majority of its content was padding. This padding consisted of a single, massive HTML comment containing hundreds of thousands of repetitions of the letter 'X'. This "comment stuffing" technique served to significantly inflate the file size, a tactic that appears to be a direct response to the growing reliance on AI in email security systems. AI models often analyze file size and content patterns, and unusually large files can trigger suspicion, but the obfuscation and padding here aim to mask the malicious payload within a seemingly benign, albeit large, structure.
The actual phishing page, which constituted only a small fraction of the decoded HTML, was embedded within this padded structure. The attackers likely rely on the sheer volume of data and the obfuscation to prevent AI systems from accurately analyzing the content and flagging it as malicious. The large size, combined with the obfuscation, could potentially cause AI detectors to misclassify the email or attachment, allowing it to pass through to the user's inbox.
This technique highlights a cat-and-mouse game between attackers and security vendors. As AI becomes more adept at identifying known phishing patterns, threat actors are developing novel methods to exploit the limitations of these systems. The use of binary padding, as described by MITRE ATT&CK, is a known tactic, but its application within HTML attachments using comment stuffing represents an evolving approach to bypass AI-driven defenses.
Organizations and security professionals should remain vigilant, as these advanced phishing techniques can be difficult to detect with automated systems alone. User education on recognizing suspicious email characteristics, even when they appear to bypass security filters, remains a critical component of a comprehensive defense strategy. Further analysis of these custom-built phishing tools may reveal additional evasion tactics and inform the development of more robust AI detection models.