Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.

SquirrelWaffle Leverages Malspam to Deliver Qakbot, Cobalt Strike

Threat is spreading widely via spam campaigns, infecting systems with a new malware loader.

Edmund Brumaghin, Cisco Talos Threat Researcher

November 10, 2021

1 Min Read
Chart showing daily volume of spam emails delivering SquirrelWaffle between Sept and Oct 2021.
Source: Cisco Talos

SquirrelWaffle is a new malware loader that infects systems using malicious documents delivered via a link in an email message. Threat actors use the malware loader to establish an initial foothold onto systems and their network environments. The adversaries can either download additional types of malware or further compromise the network, depending on how they choose to monetize the attack. In many cases, SquirrelWaffle is being used to deliver and infect systems with Qakbot and the penetration-testing tool Cobalt Strike

Beginning in mid-September, Cisco Talos observed malspam campaigns delivering malicious Microsoft Office documents designed to infect systems with SquirrelWaffle. The messages typically contain hyperlinks to malicious ZIP archives hosted on attacker-controlled Web servers. The chart, above, illustrates the volumetric trajectory of these campaigns between Sept. 1 and Oct. 15, 2021. Due to the prevalence of these campaigns, organizations should be aware of how SquirrelWaffle could be used to further compromise corporate networks.

Visit the Cisco Talos blog to learn more.

About the Author

Edmund Brumaghin

Cisco Talos Threat Researcher

Edmund Brumaghin is a threat researcher with Cisco Talos. He has spent the past several years protecting environments across several different industries including nuclear energy, financial services, etc. He currently spends his days hunting malware and analyzing various threats as they emerge and continue to evolve. In his time with Talos he has researched ransomware, banking trojans and other threats being distributed using various attack vectors. He has also worked to expose large scale malware campaigns and raise awareness of security threats observed across the threat landscape.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights