Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike

A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems.

"These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of the most common threats regularly observed targeting organizations around the world," said researchers with Cisco Talos in a technical write-up.

The malspam campaign is believed to have commenced in mid-September 2021 via laced Microsoft Office documents that, when opened, trigger an infection chain that leads to the machines being infected with a malware dubbed SQUIRRELWAFFLE.

Consistent with other phishing attacks of this kind, the latest operation leverages stolen email threads to give it a veil of legitimacy and trick unsuspecting users into opening the attachments.

What's more, the language employed in the reply messages matches the language used in the original email thread, demonstrating a case of dynamic localization put in place to increase the likelihood of success of the campaign. The top five languages used to deliver the loader are English (76%), followed by French (10%), German (7%), Dutch (4%), and Polish (3%).