Researchers have uncovered SquidLoader, a new evasive malware loader targeting Chinese organizations via phishing campaigns. Utilizing attachments disguised as Microsoft Word documents, the malware evades detection with sophisticated techniques including encrypted code segments and Control Flow Graph (CFG) obfuscation. SquidLoader retrieves second-stage payloads like Cobalt Strike, highlighting its advanced capabilities to compromise systems while avoiding detection.