New Wave of SquidLoader Malware Targeting Financial Institutions
Essential information
- Published: 21/07/2025 12:03
- Modified: 21/07/2025 12:59
- Tags: 2025-07-21, cobalt strike, cobalt strike beacon, squidloader
- Related entities: 18 observables, 8 techniques (MITRE), 2 malware, 5 others
Description
A sophisticated malware campaign is targeting financial services in Hong Kong with SquidLoader, a highly evasive loader that deploys Cobalt Strike Beacon for remote access. The malware exhibits advanced anti-analysis, anti-sandbox, and anti-debugging techniques, achieving near-zero detection rates on VirusTotal. The attack chain is complex and poses a significant threat to targeted organizations. The analysis provides detailed technical insights into SquidLoader's features and indicators of compromise, including SHA256 hashes for samples found in Hong Kong, Singapore, China, and Australia. The campaign uses multiple command and control servers, primarily mimicking Kubernetes API endpoints.