qakbot-malware

Analysis

On 13 December 2022, Cisco Talos Intelligence published a threat advisory on Qakbot malware in which the Talos researchers identified that Qakbot operators were actively using HTML smuggling.

HTML smuggling is a technique for hiding malicious scripts inside an HTML file. The attacker first sends the target a phishing email carrying a malicious HTML attachment. When the target opens the attachment, the browser decodes the HTML and runs JavaScript embedded in a Scalable Vector Graphics (SVG) image; that JavaScript then assembles the malware from a blob on the device and infects the machine.

Prevention

  • Use antivirus or EDR on all endpoints.
  • Educate employees about phishing emails.
  • Take regular backups of end devices to reduce the impact of attacks.

Detection

Create detection rules in the SIEM (Security Information and Event Management) tool based on the known indicators of this threat actor's activity.
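Indicator-based SIEM rules only catch payloads that have already been catalogued. As an added example (not from the advisory or from Talos), the following Python scan looks for the structural traits of HTML smuggling described above: a script inside an SVG, the browser APIs used to rebuild a file from a blob, and a long base64 run carrying the payload. The fixture it scans is constructed here with a harmless text payload; the indicator list and the score threshold are assumptions to tune for your mail gateway or sandbox.

```python
import base64
import re
from html.parser import HTMLParser
# Browser APIs a smuggling page chains to rebuild a file client-side and offer it as a download.
SMUGGLING_APIS = ("atob", "Blob", "createObjectURL", "msSaveOrOpenBlob", "download")
# The smuggled file travels as one long unbroken base64 run.
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

class _ScriptCollector(HTMLParser):  # collects <script> bodies, noting any that sit inside <svg>
    def __init__(self):
        super().__init__()
        self.svg_depth = 0
        self.in_script = False
        self.scripts = []  # [inside_svg, body] pairs
    def handle_starttag(self, tag, attrs):
        if tag == "svg":
            self.svg_depth += 1
        elif tag == "script":
            self.in_script = True
            self.scripts.append([self.svg_depth > 0, ""])
    def handle_endtag(self, tag):
        if tag == "svg" and self.svg_depth:
            self.svg_depth -= 1
        elif tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1][1] += data

def scan_html_attachment(html):
    """Return the HTML-smuggling indicators found in an HTML attachment and a verdict."""
    parser = _ScriptCollector()
    parser.feed(html)
    apis, svg_script = set(), False
    for inside_svg, body in parser.scripts:
        svg_script = svg_script or inside_svg
        apis.update(api for api in SMUGGLING_APIS if api in body)
    runs = len(BASE64_RUN.findall(html))
    score = len(apis) + 2 * svg_script + 2 * (runs > 0)  # assumed weighting; tune to your data
    return {"script_in_svg": svg_script, "apis": sorted(apis),
            "base64_runs": runs, "suspicious": score >= 4}

# Constructed fixture: a harmless text payload wrapped the way the advisory describes.
SAMPLE_PAYLOAD = base64.b64encode(b"Harmless constructed test payload. " * 8).decode()
SAMPLE_ATTACHMENT = f"""<html><body><svg xmlns="http://www.w3.org/2000/svg"><script>
var bytes = Uint8Array.from(atob("{SAMPLE_PAYLOAD}"), c => c.charCodeAt(0));
var link = document.createElement("a"); link.download = "sample.txt";
link.href = URL.createObjectURL(new Blob([bytes]));
</script></svg></body></html>"""
```

Run `scan_html_attachment` over each HTML attachment pulled from the mail gateway and forward the returned indicators to the SIEM alongside the existing IoC rules.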

References

Cisco Talos Intelligence, threat advisory on Qakbot malware and HTML smuggling, 13 December 2022.
