SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike
2021-10-26 22:25

SquirrelWaffle, a new malware loader, is malspamming malicious Microsoft Office documents to deliver Qakbot malware and the penetration-testing tool Cobalt Strike, two of the most common threats regularly observed targeting organizations around the world.

Cisco Talos researchers said on Tuesday that they got wind of the malspam campaigns beginning in mid-September, when they saw the boobytrapped Office documents working to infect systems with SquirrelWaffle in the initial stage of the infection chain.

"The campaigns themselves feature several similar characteristics to the campaigns previously seen associated with established threats like Emotet," Cisco Talos researchers explained.

"Due to the prevalence of these campaigns, organizations should be aware of SQUIRRELWAFFLE and the way it could be used by attackers to further compromise corporate networks," they advised.

Cisco Talos said that while the SquirrelWaffle threat is relatively new, its workings (including the distribution campaigns, infrastructure and command-and-control implementations) have a lot in common with those seen from other, more established threat actors.

"Organizations should continue to employ comprehensive defense-in-depth security controls to ensure that they can prevent, detect, or respond to SQUIRRELWAFFLE campaigns that may be encountered in their environments," they recommended.


News URL

https://threatpost.com/squirrelwaffle-loader-malspams-packing-qakbot-cobalt-strike/175775/