
Novel SquidLoader malware aimed at Chinese orgs


SecurityWeek reports that organizations across China have been targeted with attacks using the new SquidLoader malware loader to deliver a Cobalt Strike beacon configured similarly to one used in previous campaigns against Chinese-speaking users.

Intrusions commence with the delivery of phishing emails that disguise SquidLoader payloads as corporate documents; once executed, the loader employs several anti-detection techniques, including self-duplication, in-stack encrypted strings, direct syscalls, debugger detection, and Control Flow Graph obfuscation, an analysis from LevelBlue Labs revealed.

While the tactics, techniques, and procedures leveraged in the attack were akin to those of an advanced persistent threat actor, researchers noted there was insufficient evidence to formally attribute the activity to one.

"Given the success SquidLoader has shown in evading detection, it is likely that threat actors targeting demographics beyond China will start to mimic the techniques used by the threat actor responsible for SquidLoader, helping them to elude detection and analysis on their unique malware samples," said LevelBlue Labs.
