Malware Analysis

November 14, 2019

THREAT RESEARCH

Custom dropper hide and seek

Most users assume they are safe when surfing the web on a daily basis. But information-stealing malware can operate in the background of infected systems, looking to steal users’ passwords, track their habits online and hijack personal information. Cisco Talos has monitored adversaries who are behind a wave of ongoing campaigns dropping well-known information-stealers like […]

September 5, 2019

THREAT RESEARCH

GhIDA: Ghidra decompiler for IDA Pro

Executive Summary Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler...

August 28, 2019

THREAT RESEARCH

RAT Ratatouille – Backdooring PCs with leaked RATs

Orcus RAT and RevengeRAT are two of the most popular remote access trojans (RATs) in use across the threat landscape. Since its emergence in 2016, various adversaries have used RevengeRAT to...

March 13, 2019

THREAT RESEARCH

GlitchPOS: New PoS malware for sale

Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary Point-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card...

February 20, 2019

THREAT RESEARCH

Combing Through Brushaloader Amid Massive Detection Uptick

Brushaloader is an evolving threat that is being actively developed and refined over time as attackers identify areas for improvement and add functionality. Ensure PowerShell logging is enabled and configured on endpoints.
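The recommendation to enable PowerShell logging is one line in the post, so here is what it means in practice. This is an added example, not code from the Talos post: it sets the same policy registry keys that the PowerShell Group Policy templates write (Script Block Logging, Module Logging and Transcription), then checks they took effect and that Event ID 4104 script block records are being written. The transcript output directory is an assumption; everything else is the documented policy key layout. Run from an elevated prompt.

```powershell
# Added example (not from the Talos post). Enables PowerShell logging through the
# policy keys that Group Policy writes, so it works on a standalone host as well.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Script Block Logging: logs the de-obfuscated text of every script block executed
# (Microsoft-Windows-PowerShell/Operational, Event ID 4104). This is the single most
# useful setting against droppers like Brushaloader that build commands at runtime.
$sbl = Join-Path $base 'ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# Module Logging: pipeline execution details for all modules (Event ID 4103).
# The ModuleNames subkey needs a value named '*' with data '*' to cover every module.
$ml = Join-Path $base 'ModuleLogging'
New-Item -Path (Join-Path $ml 'ModuleNames') -Force | Out-Null
Set-ItemProperty -Path $ml -Name 'EnableModuleLogging' -Value 1 -Type DWord
Set-ItemProperty -Path (Join-Path $ml 'ModuleNames') -Name '*' -Value '*' -Type String

# Transcription: full session transcripts written to a directory. The output path
# below is an assumption for this example; point it at a write-only share in production.
$tr = Join-Path $base 'Transcription'
New-Item -Path $tr -Force | Out-Null
Set-ItemProperty -Path $tr -Name 'EnableTranscripting'     -Value 1 -Type DWord
Set-ItemProperty -Path $tr -Name 'EnableInvocationHeader'  -Value 1 -Type DWord
Set-ItemProperty -Path $tr -Name 'OutputDirectory'         -Value 'C:\PSTranscripts' -Type String

# Verify the policy values actually landed (each should print 1).
$checks = @(
    @{ Path = $sbl; Name = 'EnableScriptBlockLogging' },
    @{ Path = $ml;  Name = 'EnableModuleLogging' },
    @{ Path = $tr;  Name = 'EnableTranscripting' }
)
foreach ($c in $checks) {
    $v = (Get-ItemProperty -Path $c.Path -Name $c.Name).($c.Name)
    '{0,-26} = {1}' -f $c.Name, $v
}

# Confirm 4104 events are flowing. Properties[2] is the ScriptBlockText field.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
             -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
                  @{ n = 'ScriptBlock'; e = { $t = $_.Properties[2].Value; $t.Substring(0, [Math]::Min(80, $t.Length)) } }
```

Script block logging is the setting that matters for loaders that assemble their payload at runtime: the 4104 record contains the final, decoded script text, so obfuscation in the on-disk stage does not hide the command that actually ran. Forward the Operational log to a collector, since malware with admin rights can clear it locally.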

November 8, 2018

THREAT RESEARCH

Metamorfo Banking Trojan Keeps Its Sights on Brazil

Cisco Talos recently identified two ongoing malware distribution campaigns being used to infect victims with banking trojans, specifically financial institutions' customers in Brazil.

July 24, 2018

THREAT RESEARCH

Advanced Mobile Malware Campaign in India uses Malicious MDM – Part 2

This blog post is authored by Warren Mercer, Paul Rascagneres and Andrew Williams. Summary Since our initial post on malicious mobile device management (MDM) platforms, we have gathered...

July 12, 2018

THREAT RESEARCH

Advanced Mobile Malware Campaign in India uses Malicious MDM

Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices.

April 26, 2018

THREAT RESEARCH

GravityRAT – The Two-Year Evolution Of An APT Targeting India

GravityRAT malware has implemented new features, such as file exfiltration, remote command execution capability and anti-VM techniques. Consistent evolution and innovation beyond standard remote code execution is concerning.