On 13th December 2022, Cisco Talos Intelligence published a threat advisory about Qakbot malware, the researchers from Talos have identified HTML smuggling was actively used by Qakbot attackers.

HTML smuggling is a technique used to hide malicious scripts in the HTML file. The attacker initially sends phishing mail to the target with the malicious HTML file attachment, when the target clicks the link, the HTML attachment gets decoded by the browser and runs the JavaScript in Scalable Vector Graphics image (SVG), then the JavaScript blob assembles the malware on the device and infects the machine.


  • Use Antivirus or EDR in all endpoints.
  • Educate employees about phishing emails.
  • Take regular backups of end devices to reduce the impact of attacks.


Create rules based on known indicators of threat actor activity in the SIEM (Security incident event management) tool for detection.




Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at