Security experts at LevelBlue Labs have identified a new evasive malware loader called SquidLoader, which is targeting Chinese organizations through phishing campaigns [2] [5] [6].

Description

SquidLoader is being used to load second-stage payload malware onto victims’ systems and has been observed in campaigns targeting Chinese-speaking victims [4]. It was first detected in late April 2024 and is believed to have been active for at least a month prior [2]. The malware is distributed through phishing emails containing attachments disguised as legitimate Microsoft Word documents [6]. SquidLoader employs advanced evasion techniques to avoid detection and analysis, spreading through deceptive email attachments and retrieving second-stage shellcode payloads, such as Cobalt Strike [1], from a remote server [3] [5]. To evade detection [3] [5] [6], SquidLoader includes encrypted code segments and Control Flow Graph obfuscation [5]. Malware loaders like SquidLoader are highly sought after in the criminal underground for their ability to deliver additional payloads to compromised systems while bypassing traditional antivirus defenses.

Conclusion

Organizations should exercise caution against phishing attempts and verify the sender’s identity before opening attachments or clicking on links [7]. The discovery of SquidLoader highlights the importance of staying vigilant against evolving cyber threats and the need for robust cybersecurity measures to protect sensitive data and systems.

References

[1] https://markets.financialcontent.com/stocks/article/bizwire-2024-6-19-introducing-levelblue-labs-threat-intelligence-team-finds-evasive-loader-targeting-chinese-speaking-victims
[2] https://www.cybersecurity-review.com/levelblue-labs-discovers-highly-evasive-new-loader-targeting-chinese-organizations/
[3] https://thehackernews.com/2024/06/experts-uncover-new-evasive-squidloader.html
[4] https://sechub.in/view/2896588
[5] https://www.cloudways.com/blog/squidloader-targetting-chinese-organizations/
[6] https://cybermaterial.com/squidloader-malware-targets-chinese-firms/
[7] https://www.morningstar.com/news/business-wire/20240619937626/introducing-levelblue-labs-threat-intelligence-team-finds-evasive-loader-targeting-chinese-speaking-victims