Malware Research

November 12, 2020

SECURITY

CRAT wants to plunder your endpoints

By Asheer Malhotra. Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. One of the plugins is a ransomware known as “Hansom.” CRAT has been attributed to the Lazarus […]

November 8, 2018

THREAT RESEARCH

Metamorfo Banking Trojan Keeps Its Sights on Brazil

Cisco Talos recently identified two ongoing malware distribution campaigns being used to infect victims with banking trojans, specifically financial institutions' customers in Brazil.

July 24, 2018

THREAT RESEARCH

Advanced Mobile Malware Campaign in India uses Malicious MDM – Part 2

This blog post is authored by Warren Mercer, Paul Rascagneres and Andrew Williams. Summary Since our initial post on malicious mobile device management (MDM) platforms, we have gathered...

July 12, 2018

THREAT RESEARCH

Advanced Mobile Malware Campaign in India uses Malicious MDM

Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices.

February 26, 2018

THREAT RESEARCH

Who Wasn’t Responsible for Olympic Destroyer?

This blog post is authored by Paul Rascagneres and Martin Lee. Summary Evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow...

January 15, 2018

THREAT RESEARCH

Korea In The Crosshairs

This article exposes the malicious activities of Group 123 during 2017. We assess with high confidence that Group 123 was responsible for six campaigns targeting both Korean and non-Korean institutions.

May 12, 2017

THREAT RESEARCH

Player 3 Has Entered the Game: Say Hello to ‘WannaCry’

This post was authored by Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams. Executive Summary A major ransomware attack has affected many organizations across the world, reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware responsible for this attack is a ransomware variant known as […]