Microsoft

SquirrelWaffle Malware Exploits Microsoft Exchange Vulnerabilities Via Email

Security experts have discovered that the Squirrelwaffle malware uses a new trick to trigger so-called chain infections in networks. The victims have the impression that they are receiving an e-mail from their network, but the Trojan is only well hidden.

That comes from a report from Trend Micro. Threat actors hack Microsoft Exchange servers with the help of ProxyShell and ProxyLogon exploits that have been known for months. The aim is to distribute various malware and bypass the detection of tampering through stolen internal reply chain emails. What is meant by this is that the hackers use reply e-mails, i.e. “join” in an existing conversation. It is therefore even more difficult for the victims to realize that they are being attacked.

Excel attachments are minipulated

Squirrelwaffle is there to smuggle in various other malware. Vulnerabilities in the Exchange server are exploited for this purpose. The infection with malware then takes place via manipulated Microsoft Excel attachments. There are always warnings against such attachments, but the fact that Squirrelwaffle now attaches itself to existing e-mail flows makes the victims much more reckless when downloading and opening the malicious attachments.

The threat actors use compromised Exchange servers to reply to the company’s internal email in response to chain attacks that contain links to malicious documents that install various malware.

During the same intrusion, we analyzed the email headers of the malicious emails we received. The email path was internal (between the three internal Exchange server mailboxes), which suggests that the emails weren’t from an external sender, an open mail relay, or a message transfer agent (MTA), “said Trend Micro report. Once the hackers have penetrated the network, they can use Squirrelwaffle to download and install any malware.

Because these emails come from the same internal network and appear to be the continuation of a previous discussion between two employees, there is greater confidence in the legality and security of the email.

Trend Micro researchers recently discovered this interesting new tactic and are now concerned about a new wave of hacks.

Share
Published by
Yasir Zeb

Recent Posts

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

16 hours ago

Pixel 11: Mega leak shows images and data from the new Google smartphones

Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…

16 hours ago

Top 10 Payment Card Tools for Everyday Digital Finance

A payment card is easiest to understand when users see how it fits into real…

21 hours ago

OnePlus is ‘dead’: Oppo wants to soon announce its withdrawal from the EU & USA

OnePlus will soon be history. At least in Europe and the USA. What has been…

22 hours ago

Switch 2 OLED: Nintendo is apparently planning a display upgrade after all

Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…

22 hours ago

Maps: Google launches major visual update with immersive navigation

Google appears to be starting to distribute the new immersive navigation for Google Maps. The…

22 hours ago