botnet

July 22, 2020

SECURITY

Prometei botnet and its quest for Monero

Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign employing a multi-modular botnet with multiple ways to spread and a payload focused on providing financial benefits for the attacker by mining the Monero online currency. The actor employs various methods to spread across the network, like SMB with […]

March 13, 2019

THREAT RESEARCH

GlitchPOS: New PoS malware for sale

Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary Point-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card...

July 3, 2018

THREAT RESEARCH

Smoking Guns – Smoke Loader learned new tricks

Cisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to load other malware — for the past several months following...

March 6, 2018

THREAT RESEARCH

Gozi ISFB Remains Active in 2018, Leverages “Dark Cloud” Botnet For Distribution

Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years. Banking trojans are a widely distributed type of...

January 18, 2018

THREAT RESEARCH

The Many Tentacles of the Necurs Botnet

This post was written by Jaeson Schultz. Introduction Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from home schemes, and even cryptocurrency wallet credential phishing. Necurs sends so much […]

May 23, 2017

THREAT RESEARCH

Modified Zyklon and plugins from India

Streams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to analyze campaigns smaller in volume as they might contain more interesting malware. A few weeks ago […]

September 29, 2016

THREAT RESEARCH

Want Tofsee My Pictures? A Botnet Gets Aggressive

This post was authored by Edmund Brumaghin Summary Tofsee is multi-purpose malware that has been in existence for several years, operating since at least 2013. It features a number of modules that are used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Once infected, systems become […]

December 15, 2014

THREAT RESEARCH

Ancient Mac Site Harbors Botnet that Exploits IE Vulnerability

This post was authored by Alex Chiu and Shaun Hurley. Last month, Microsoft released a security bulletin to patch CVE-2014-6332, a vulnerability within Windows Object Linking and Embedding (OLE) that could result in remote code execution if a user views a maliciously crafted web page with Microsoft Internet Explorer. Since then, there have been several […]