LevelBlue Labs recently discovered a new highly evasive loader that is being delivered to specific targets through phishing attachments.
A loader is a type of malware used to load second-stage payload malware onto a victim’s system. Due to the lack of previous samples observed in the wild, LevelBlue Labs has named this malware “SquidLoader,” given its clear efforts at decoy and evasion. After analysis of the sample LevelBlue Labs retrieved, we uncovered several techniques SquidLoader is using to avoid being statically or dynamically analyzed. LevelBlue Labs first observed SquidLoader in campaigns in late April 2024, and we predict it had been active for at least a month prior.
Read more…
Source: LevelBlue Labs
Related:
- Proof-of-Concept Exploit Released for CVE-2024-53691 in QNAP QTS and QuTS NAS
January 17, 2025
QNAP has released a security advisory addressing three vulnerabilities in the QTS and QuTS products. QTS and QuTS are the operating system for QNAP Network-attached storage (NAS) appliances. CVE-2023-39298 is a ‘Missing authorisation’ vulnerability with a CVSSv3 score of 7.8. If exploited, a local attacker with low privileges could access data or perform actions without proper ...
- CIA employee pleads guilty over leak of classified Israeli plans
January 17, 2025
A CIA employee who was accused of leaking classified documents about Israel’s plans to strike Iran pleaded guilty on Friday to criminal charges that he willfully retained and transmitted national defense information, the U.S. Department of Justice said. In pleading guilty, Asif William Rahman, who worked at the U.S. intelligence agency since 2016, acknowledged that he ...
- Mercedes-Benz Head Unit security research report
January 17, 2025
This report covers the research of the Mercedes-Benz Head Unit, which was made by Kaspersky team. Mercedes-Benz’s latest Head Unit (infotainment system) is called Mercedes-Benz User Experience (MBUX). The researchers performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab. Their report is a good starting point for diving deep into the MBUX ...
- Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches
January 16, 2025
The prolific Clop ransomware gang has named dozens of corporate victims it claims to have hacked in recent weeks after exploiting a vulnerability in several popular enterprise file transfer products developed by U.S. software company Cleo. In a post on its dark web leak site, seen by TechCrunch, the Russia-linked Clop gang listed 59 organizations it ...
- How to Mitigate the Risk of Rogue Employees
January 16, 2025
Rogue employees present significant financial and cybersecurity risks to organizations. Rapid7 threat researchers and penetration testers are actively observing how malicious actors exploit hiring pipelines to infiltrate businesses. This blog highlights real-world tactics, including: Insider Reconnaissance: Rogue applicants leveraging interviews to map office layouts, identify vulnerable devices, and even plant malware during site visits. Read more… Source: Rapid7 Sign up ...
- PlugX malware deleted from thousands of systems by FBI
January 16, 2025
The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers. PlugX has been around since at least 2008 but is under ...