New Squirrelwaffle Malware Mimics Emotet Tactics

Security researchers at Cisco Talos recently uncovered a new malware threat, called Squirrelwaffle, that spreads via spam campaigns, providing threat actors with an initial entry into a compromised device or network and allowing them to deploy additional malware, such as Qakbot or Cobalt Strike. Squirrelwaffle, which was first identified last month, leverages stolen reply-chain emails to propagate across devices and networks. “These emails contain hyperlinks to malicious ZIP archives hosted on attacker-controlled web servers and typically include a malicious .doc or a .xls attachment that runs malware-retrieving code if opened,” according to BleepingComputer. Additionally, Squirrelwaffle appears to have many of the same characteristics associated with the Emotet malware. Researchers note Squirrelwaffle is one of the tools that emerged as an Emotet replacement shortly after the botnet was disrupted by authorities and could constitute a reboot by Emotet members who evaded law enforcement. Cisco Talos advises every organization to be aware of the tactics, techniques, and procedures utilized in this campaign as Squirrelwaffle becomes more prevalent in the wild. Read more at Cisco or access a relevant article at BleepingComputer.