Spammers use Squirrelwaffle malware to drop Cobalt Strike
2021-10-26 19:45

A new malware threat named Squirrelwaffle has emerged in the wild, providing actors with an initial foothold and a way to drop malware onto compromised systems and networks.

The new malware tool spreads via spam campaigns, the most recent of which drop Qakbot and Cobalt Strike.

The Squirrelwaffle loader then deploys malware like Qakbot or the widely abused penetration testing tool Cobalt Strike.

Cobalt Strike is a legitimate penetration testing tool designed as an attack framework to test an organization's infrastructure to discover security gaps and vulnerabilities.

Cracked versions of Cobalt Strike are also used by threat actors for post-exploitation tasks after deploying beacons, which provide them with persistent remote access to compromised devices.

Squirrelwaffle may be a reboot of Emotet by members who dodged law enforcement, or the work of other threat actors attempting to fill the void left behind by the notorious malware.


News URL

https://www.bleepingcomputer.com/news/security/spammers-use-squirrelwaffle-malware-to-drop-cobalt-strike/