Drive-by Download Attack, or Covert Download.


With each passing year, browsers gain new tools for protecting users. Popular browsers today can detect and block man-in-the-middle (MITM) attacks, where someone tries to insert themselves between the user and the website to intercept traffic, can recognize phishing sites, and of course have built-in sandboxes that isolate web content from the rest of the system.

However, one method still works as well today as it did 10 years ago: delivering a bait file to the user and waiting for them to open it themselves.

Drive-by download is an attack in which the download happens covertly as soon as the victim opens a website. Such a site is noticed fairly quickly, however, especially if it starts pushing malicious files to large numbers of visitors. Attackers therefore often use a variation of this attack called drive-by login. It is still the same covert download, but it is triggered only after the user has logged into the site. This scheme lets attackers stay hidden from security specialists for a long time and avoid having the site added to blocklists of malicious sites.

In reality, though, this is more of a theoretical threat: modern browsers show the download to the user, so starting it truly in secret is not easy; starting it without asking the user's consent, on the other hand, is trivial. This is what attackers exploit.

Everyone knows that a computer can be infected with malicious software disguised as PDF or Word files. This is how ordinary users, companies, politicians, and public figures get infected, but there is at least one condition: the file must be opened on the victim's device. Getting the victim to open the file is one of the attacker's key tasks.
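The disguise described above works because a file's name and its actual content are two different things. A defender-side check that a download pipeline, mail gateway, or endpoint agent can run is to compare what the file name claims against what the first bytes and container structure actually are. The following is an added example, not code from the original article: it uses the well-known magic bytes of PDF, Windows PE, ELF, ZIP (the container behind .docx/.xlsx), legacy OLE (.doc/.xls) and RTF, looks inside ZIP containers for the Office part that a real document carries, and flags the classic double-extension name. All sample files below are constructed inline; the function and dictionary names are this example's own.

```python
"""Flag downloaded files whose content does not match the document type their name claims."""
import io
import zipfile
from typing import Optional

# Leading bytes of common formats (real, publicly documented signatures).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"MZ", "pe"),                                    # Windows executable / DLL
    (b"\x7fELF", "elf"),                              # Linux executable
    (b"PK\x03\x04", "zip"),                           # .docx/.xlsx/.pptx are ZIP containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),     # legacy .doc/.xls compound file
    (b"{\\rtf", "rtf"),
]

# What the inside of a file with a given claimed extension should look like.
EXPECTED = {
    "pdf": {"pdf"},
    "doc": {"ole", "rtf"},    # Word opens RTF saved under a .doc name
    "docx": {"zip"},
    "xls": {"ole"},
    "xlsx": {"zip"},
    "rtf": {"rtf"},
}
EXEC_EXT = {"exe", "dll", "scr", "com", "msi"}       # names that honestly declare executable content
DOUBLE_EXT_TAIL = {"exe", "scr", "js", "vbs", "bat", "cmd", "com", "hta"}


def sniff(data: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def ooxml_part(data: bytes) -> Optional[str]:
    """For ZIP content, return the Office part prefix it carries (word/, xl/, ppt/) or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return None
    for prefix in ("word/", "xl/", "ppt/"):
        if any(n.startswith(prefix) for n in names):
            return prefix
    return None


def assess(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the sniffed content and collect mismatch reasons."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    reasons = []
    if kind in ("pe", "elf") and ext not in EXEC_EXT:
        reasons.append(f"executable content ({kind}) in a file named .{ext}")
    elif ext in EXPECTED and kind not in EXPECTED[ext]:
        reasons.append(f"content looks like {kind}, not {ext}")
    if ext == "docx" and kind == "zip" and ooxml_part(data) != "word/":
        reasons.append("ZIP named .docx carries no word/ part")
    if ext == "xlsx" and kind == "zip" and ooxml_part(data) != "xl/":
        reasons.append("ZIP named .xlsx carries no xl/ part")
    if len(parts) > 2 and parts[-1] in DOUBLE_EXT_TAIL and parts[-2] in EXPECTED:
        reasons.append("double extension masquerading as a document")
    return {"file": filename, "claimed": ext, "actual": kind,
            "suspicious": bool(reasons), "reasons": reasons}


def make_zip(entries: dict) -> bytes:
    """Build an in-memory ZIP so the samples below are real containers (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a few honest documents and a few disguises.
SAMPLES = {
    "quarterly_report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< >>\nendobj\n",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,        # PE header under a PDF name
    "contract.docx": make_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"}),
    "resume.docx": make_zip({"payload.js": "/* not an Office part */"}),
    "scan_2024.pdf.exe": b"MZ" + b"\x00" * 62,
    "notes.rtf": b"{\\rtf1\\ansi Hello}",
}


def suspicious_files(samples: dict = SAMPLES) -> list:
    """Names of the samples whose content disagrees with their name."""
    return [name for name, data in samples.items() if assess(name, data)["suspicious"]]


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict = assess(name, data)
        flag = "SUSPICIOUS" if verdict["suspicious"] else "ok"
        print(f"{name:24} {verdict['actual']:8} {flag}  {'; '.join(verdict['reasons'])}")
```

The check is deliberately conservative: it only reports a file when the name promises a document and the bytes say otherwise, so honest .exe downloads are not flagged, while a PE under a .pdf name, a ZIP that calls itself .docx but contains no Word parts, and a name like scan_2024.pdf.exe all are.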

By the way, it doesn't necessarily have to be malicious software disguised as a document; it can also be the document itself if the office suite contains a vulnerability. For this, attackers must have zero-day vulnerabilities in their arsenal, or the victim's software must be outdated and contain known vulnerabilities.

At the time of writing this article, information emerged about a critical vulnerability in a popular office suite. And it’s not even MS Office, where vulnerabilities are regularly found, but LibreOffice—a free and open-source office suite. I, like many others, recommend it as an alternative to Microsoft Office, but in this case, a critical vulnerability was discovered that led to the compromise of the victim's device simply by opening a document.

Users often fear that websites will download files to them and that these files will run by themselves. I assure you, today this is more of a theoretical threat. Exploiting vulnerabilities in the browser and escaping the sandbox is far more real, but that is a different type of attack: the attacker must hold a set of 0-day vulnerabilities for the browser and the operating system, or the victim's browser and operating system must be outdated and unpatched against known vulnerabilities.
