Since when did squirrels start liking waffles? Oddly enough, a malware threat called SquirrelWaffle has surfaced on the shores of cybersecurity.

Delivered generally through spam email campaigns, this malware weaves its way into enterprise networks by dropping malicious programs into compromised systems.

Let's learn how this malware spreads and its attack vectors. We will also tap into five tips that can help you stay protected from malware attacks.

How Does SquirrelWaffle Spread?

SquirrelWaffle is classified as a dropper (a loader whose job is to fetch and run further payloads), and its developers have gone to some lengths to keep it hidden and difficult to analyze.

SquirrelWaffle mainly spreads via Microsoft Office documents attached to spam emails. At the time of writing in November 2021, two variants of the lure, a Microsoft Word document and a Microsoft Excel spreadsheet, have been observed delivering this malware.

The infection chain starts when the victim opens a ZIP attachment containing the malicious Office document and enables its macros. The VBA macros then download the SquirrelWaffle DLL, and that DLL in turn retrieves a second-stage payload: a Cobalt Strike beacon.

Attackers have also been observed using DocuSign-themed lures: the document poses as a signing request and tells the recipient to enable macros ("Enable Content") in Microsoft Office in order to view it, which is exactly the action that triggers the infection.

How Does SquirrelWaffle Use Cobalt Strike?


Cobalt Strike is a legitimate, commercially licensed adversary-simulation and penetration testing tool used by red teams and security teams to test an organization's infrastructure and to discover security weaknesses and vulnerabilities.

Unfortunately, attackers have adopted Cobalt Strike too, and routinely deploy its Beacon implant as a second-stage payload for many malware families.

SquirrelWaffle follows the same pattern. Once the dropper is running, it retrieves a Cobalt Strike beacon; that second stage gives the operators persistent remote access to the compromised host and a foothold for whatever follow-on activity they choose.

5 Tips to Stay Protected Against Malware Attacks


Below are five tips that will help you stay protected against SquirrelWaffle and other potential malware attacks:

1. Be Wary of Attachments

The number one defense against any type of malware is being cautious about opening suspicious-looking attachments.

Well-crafted lures, phishing emails in particular, are convincing, and it can take real scrutiny to identify them. A phishing email dupes the recipient into opening an attachment or link that appears to come from a legitimate source. The link might lead to a fake website that prompts for credentials, or to a page that infects the device with malware directly.

So take precautions with attachments and refrain from opening them unless you are sure where they came from; for anything unexpected, confirm with the sender through a separate channel first.

2. Install Anti-Virus Software

Investing in robust anti-virus software and endpoint security is crucial in mitigating malware attacks. Good anti-virus solutions can detect known malware and block it from being downloaded or executed.

These tools can also give you visibility into compromised devices and send alert notifications when a user lands on a risky website. Most anti-virus software these days also updates automatically, so its detections keep pace with newly created malware.

3. Look Out for Indicators of Compromise

Sometimes anti-virus software is not equipped to detect a particular piece of malware, or the malware may be new and evasive, as was the case with SquirrelWaffle when it first appeared.

If you find yourself in this situation, it's best to be on the lookout for Indicators of Compromise (IoCs).

IoCs are artifacts and behaviors that suggest a device or network has been compromised. For example, you might notice logins from unexpected geographic locations, a sudden spike in database reads, or a higher rate of failed authentication attempts on your network.
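As an added example (not code from the original article), the Python below runs the three checks just listed over a few constructed log records: a burst of failed logins from a single source, a successful login from a country outside a user's usual baseline, and a minute of database reads far above the median. The log format, the per-user baseline countries and the thresholds are assumptions made for the demonstration; in practice the records would come from your identity provider and database audit logs.

```python
from collections import Counter
from statistics import median

# Constructed sample records (not real telemetry). Auth log line format:
# "<timestamp> <user> <src_ip> <country> <success|failure>"
SAMPLE_AUTH_LOG = """\
2021-11-02T09:00:01 alice 10.0.0.5 US success
2021-11-02T09:01:10 bob 10.0.0.9 US success
2021-11-02T09:02:00 alice 198.51.100.7 RO failure
2021-11-02T09:02:02 alice 198.51.100.7 RO failure
2021-11-02T09:02:04 alice 198.51.100.7 RO failure
2021-11-02T09:02:06 alice 198.51.100.7 RO failure
2021-11-02T09:02:08 alice 198.51.100.7 RO failure
2021-11-02T09:02:10 alice 198.51.100.7 RO success
2021-11-02T09:03:00 carol 10.0.0.12 US failure
2021-11-02T09:04:00 carol 10.0.0.12 US success
"""

# Constructed per-minute database audit counters: "<minute> <rows_read>"
SAMPLE_DB_READS = """\
2021-11-02T09:00 1200
2021-11-02T09:01 1100
2021-11-02T09:02 1300
2021-11-02T09:03 48000
2021-11-02T09:04 1250
"""

# Assumed baseline: the countries each user normally signs in from.
KNOWN_COUNTRIES = {"alice": {"US"}, "bob": {"US"}, "carol": {"US"}}


def parse_auth_log(text):
    """Turn the whitespace-separated auth log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, result = line.split()
        events.append({"ts": ts, "user": user, "ip": ip,
                       "country": country, "ok": result == "success"})
    return events


def failed_auth_bursts(events, threshold=5):
    """Source IPs with at least `threshold` failed logins (brute-force / spray indicator)."""
    failures = Counter(e["ip"] for e in events if not e["ok"])
    return sorted(ip for ip, n in failures.items() if n >= threshold)


def geo_anomalies(events, known=KNOWN_COUNTRIES):
    """Successful logins from a country outside the user's baseline."""
    return [(e["user"], e["country"], e["ip"]) for e in events
            if e["ok"] and e["country"] not in known.get(e["user"], set())]


def db_read_spikes(text, factor=10):
    """Minutes whose row-read count exceeds `factor` x the median (data-staging indicator)."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    baseline = median(int(n) for _, n in rows)
    return [(minute, int(n)) for minute, n in rows if int(n) > factor * baseline]


def triage(auth_text=SAMPLE_AUTH_LOG, db_text=SAMPLE_DB_READS):
    """Run all three IoC checks and return the findings in one dict."""
    events = parse_auth_log(auth_text)
    return {
        "failed_auth_bursts": failed_auth_bursts(events),
        "geo_anomalies": geo_anomalies(events),
        "db_read_spikes": db_read_spikes(db_text),
    }


if __name__ == "__main__":
    for check, hits in triage().items():
        print(f"{check}: {hits if hits else 'nothing flagged'}")
```

Each check is deliberately simple and noisy on its own; the value comes from seeing them line up (five failures from one address followed by a success from a country the user has never used, then an unusual burst of database reads a minute later), which is the shape of an intrusion rather than three unrelated blips.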

Related: What Do Indicators of Compromise Mean? The Best Tools to Help Monitor Them

4. Update Your Software Regularly

Software updates are released to address security concerns, fix bugs, close vulnerabilities in older and outdated systems, improve how the software drives hardware, and add support for newer equipment.

So, in addition to installing anti-virus software, you should also update your software regularly. This closes the known vulnerabilities that attackers would otherwise use to gain access to your computer and plant malware on it.

5. Be Cautious of Free Apps and Unknown Sources

Always buy and download apps from trustworthy sources, as this reduces the chance of malware infections. Reputable vendors take extra measures to ensure they are not distributing malware-infected apps, since they do not want to put their name at stake.

Also, paid versions of apps are generally more secure than their free counterparts.

Related: Why You Should Pay for Mobile Apps

Note: Confirm the authenticity of a source by checking the full name, list of published apps, and contact details in the app description within the Google Play or Apple app store.

Easy Ways to Beat the SquirrelWaffle

Office documents are frequently used by threat actors to spread malware because of their widespread use. To safeguard yourself from SquirrelWaffle, treat every Microsoft Office document you receive as an attachment with suspicion. It's also a good idea to keep macros disabled in Office, and never click "Enable Content" on a document you were not expecting, since this malware spreads through malicious VBA macros in the downloaded files.

If you really need to open certain attachments, be smart about it. For instance, instead of downloading attachments from Gmail, preview them in the browser or open them in Google Drive: the document is rendered on Google's side and its macros never run on your computer.
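As an added example (not code from the original article, and not anything SquirrelWaffle's operators wrote), the Python script below shows the kind of check a mail gateway or a cautious user can run on a ZIP attachment before opening it, covering both the infection chain described earlier and the macro advice above: it walks the archive, finds Office documents, and flags any whose OOXML package contains a VBA project (the `word/vbaProject.bin` or `xl/vbaProject.bin` part). Legacy binary .doc/.xls files are not parsed; they are reported as suspicious because macros cannot be ruled out without an OLE2 parser. The attachment it inspects is constructed inline for the demonstration, and the file names and contents are assumptions.

```python
import io
import zipfile

# Office extensions worth inspecting; the SquirrelWaffle lures were Word and
# Excel files, so both families are covered.
OFFICE_EXTENSIONS = (".doc", ".dot", ".docx", ".docm", ".dotm",
                     ".xls", ".xlt", ".xlsx", ".xlsm", ".xlsb", ".xltm")
# In an OOXML package the VBA project is stored under one of these entries.
MACRO_PARTS = ("word/vbaproject.bin", "xl/vbaproject.bin")
# Magic bytes of the legacy OLE2 (binary .doc/.xls) container.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def office_has_macros(data: bytes) -> bool:
    """Return True if an Office document carries (or may carry) VBA macros.

    OOXML files are ZIP packages, so a macro-enabled file is recognised by the
    presence of a vbaProject.bin part. Legacy OLE2 files are not parsed here;
    they are reported as suspicious because macros cannot be ruled out cheaply.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as doc:
            names = {name.lower() for name in doc.namelist()}
    except zipfile.BadZipFile:
        return data.startswith(OLE2_MAGIC)
    return any(part in names for part in MACRO_PARTS)


def scan_attachment(zip_bytes: bytes) -> list:
    """List the Office documents inside a ZIP attachment that carry macros."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for info in outer.infolist():
            if info.filename.lower().endswith(OFFICE_EXTENSIONS):
                if office_has_macros(outer.read(info)):
                    findings.append(info.filename)
    return findings


def _ooxml(parts: dict) -> bytes:
    """Build a minimal OOXML-style ZIP package from a mapping of part name to content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, content in parts.items():
            pkg.writestr(name, content)
    return buf.getvalue()


def build_sample_attachment() -> bytes:
    """Constructed test data (not a real lure): a ZIP holding one macro-enabled
    .docm with a DocuSign-themed name, one clean .docx and a text file."""
    macro_doc = _ooxml({
        "[Content_Types].xml": "<Types/>",
        "word/document.xml": "<w:document/>",
        "word/vbaProject.bin": OLE2_MAGIC + b"placeholder-vba-project",
    })
    clean_doc = _ooxml({
        "[Content_Types].xml": "<Types/>",
        "word/document.xml": "<w:document/>",
    })
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("DocuSign_Agreement.docm", macro_doc)
        z.writestr("Notes.docx", clean_doc)
        z.writestr("readme.txt", "nothing to see here")
    return outer.getvalue()


if __name__ == "__main__":
    flagged = scan_attachment(build_sample_attachment())
    for name in flagged:
        print(f"QUARANTINE: {name} contains a VBA project")
    if not flagged:
        print("no macro-enabled Office documents found")
```

The presence of a VBA project is a structural fact about the file, not a signature, so this check does not depend on anyone having seen the specific lure before; the trade-off is that a legitimately macro-enabled spreadsheet from a colleague will be flagged too, which is exactly the conversation you want to have before anyone clicks "Enable Content".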