Articles
Custom dropper hide and seek
Most users assume they are safe when surfing the web on a daily basis. But information-stealing malware can operate in the background of infected systems, looking to steal users’ passwords, track their habits online and hijack personal information. Cisco Talos has monitored adversaries which a…
Hunting For LolBins
Attackers’ trends tend to come and go. But one popular technique we’re seeing at this time is the use of living-off-the-land binaries — or “LoLBins”. LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances of stayin…
Threat Roundup for November 1 to November 8
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Nov 1 and Nov8. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral chara…
How Adversaries Use Politics for Compromise
This blog post was authored by Nick Biasini and Edmund Brumaghin of Cisco Talos. Executive Summary With the U.S. presidential primaries just around the corner, even malware authors can’t help but get behind the frenzy. Cisco Talos recently discovered several malware distribution campaigns wher…
C2 With It All: From Ransomware To Carding
Cisco Talos recently discovered a new server hosting a large stockpile of malicious files. Our analysis of these files shows that these attackers were able to obtain a deep level of access to victims’ infrastructure — all of which allowed us to identify several targets of these attacks,…
Threat Roundup for October 25 to November 1
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Oct 25 and Nov 1. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral cha…
The commoditization of mobile espionage software
Mobile stalkerware has all sorts of wide-ranging consequences. The creators of these types of apps can track user’s locations, see their social media usage and more. And they certainly open the door for abuse by governments hoping to spy on their citizens, parents looking to track their childr…
Threat Roundup for October 18 to October 25
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Oct 18 and Oct 25. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…
Gustuff return, new features for victims
The Gustuff banking trojan is back with new features, months after initially appearing targeting financial institutions in Australia. Cisco Talos first reported on Gustuff in April. Soon after, the actors behind Gustuff started by changing the distribution hosts and later disabled its command and co…