12 matches found
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
SquirrelWaffle – the newish malware loader that first showed up in September – once again got its scrabbly little claws into an unpatched Microsoft Exchange server to spread malspam with its tried-and-true trick of hijacking email threads. That’s the same-old, same-old, as in, a SquirrelWaffle...
Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys
Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly...
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign...
Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan
Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to proactively detect and block the threat in an effective manner. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a...
This Week in Security News - December 3, 2021
This week, learn about how Squirrelwaffle utilized ProxyLogon and ProxyShell to hack email chains. Also, read on a recent data breach of the Los Angeles Planned Parenthood Network...
Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws
Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads, researchers say. What’s still under discussion: whether the offensive is delivering SquirrelWaffle, the new email loader tha...
Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns
Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how by investigating its exploit of Microsoft Exchange Server vulnerabilities, ProxyLogon and ProxyShell...
New Wslink Malware Loader Runs as a Server and Executes Modules in Memory
Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it run...
Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike
A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of...
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
By Edmund Brumaghin, Mariano Graziano and Nick Mavis. Executive summary Recently, a new threat, referred to as "SQUIRRELWAFFLE" is being spread more widely via spam campaigns, infecting systems with a new malware loader. This is a malware family that's been spread with increasing regularity and...
SquirrelWaffle Loader Malspams, Packs Qakbot, Cobalt Strike
SquirrelWaffle, a new malware loader, is mal-spamming malicious Microsoft Office documents to deliver Qakbot malware and the penetration-testing tool Cobalt Strike – two of the most common threats regularly observed targeting organizations around the world. Cisco Talos researchers said on Tuesday...