• Talos discovers a new point-of-sale malware for sale online called “GlitchPOS” that is easy enough to use that anyone could set up their own credit card-skimming botnet.


  • Talos publishes a list of malicious groups on Facebook using straightforward names that carry out a range of malicious activities, including the sale of credit card data and other malware services.
  • A campaign known as “Sea Turtle” expands on the growing popularity of DNS hijacking attacks, spoofing legitimate DNS addresses to target public and private entities, including national security organizations, located primarily in the Middle East and North Africa.
  • Yet another DNS hijacking campaign, “Karkoff,” shows that the actors behind DNSpionage are retooling their procedures to avoid detection and improve the efficacy of their operations.


  • The Qakbot banking trojan evolves to maintain persistence and potentially evade detection.
  • Talos discovers “BlackWater,” a trojan that our researchers believed with moderated confidence was associated with the MuddyWater APT.
  • A “wormable” Microsoft vulnerability called “BlueKeep” is discovered, leading researchers to believe the Remote Desktop Protocol bug could lead to a similar attack to WannaCry. Talos released new Snort rules to protect against this vulnerability and outlined how to defend against it using Cisco Firepower.




  • After going quiet over the summer, Emotet returns with a new group of IOCs, but the same set of protections as always.
  • The Tortoiseshell APT uses a fake hiring website targeted toward U.S. military veterans to infect victims with a malware downloader.
  • The ODT file type becomes increasingly popular among attackers, which can allow malware to avoid traditional detection methods.


  • A rare iOS jailbreak called “checkra1n” hits the scene, leading to some attackers attempting to trick users into downloading a tool that they believe will unlock their devices, but actually just installs malware.
  • Talos uncovers a group of spyware software that exist in a legal and moral gray area, but attackers have been using to carry out malicious actions.