zdnet[.]com/article/this-sneaky-trick-lets-attackers-smuggle-malware-onto-your-network/
The idea is to 1st get you to click a link in an email... I get a Lot of emails that won't display properly in Win10's Mail app, so I click the link to view as a web page, and that might just be an ideal way to get you to click that link. And once you click that link it opens a web page with hidden JavaScript that assembles the malware. Since there are no files to examine & potentially block, and it's already made it past any proxies & email gateways, it's pretty effective.
"Disabling JavaScript could mitigate HTML smuggling created using JavaScript Blobs. However, JavaScript is used to render business-related and other legitimate web pages," Microsoft explains."In addition, there are multiple ways to implement HTML smuggling through obfuscation and numerous ways of coding JavaScript, making the said technique highly evasive against content inspection."