Checkrain fake iOS jailbreak leads to click fraud

By Warren Mercer and Paul Rascagneres. Introduction Attackers are capitalizing on the recent discovery of a new vulnerability that exists across legacy iOS hardware. Cisco Talos recently discovered a malicious actor using a fake website that claims to give iPhone users the abil

Open Document format creates twist in maldoc landscape

By Warren Mercer and Paul Rascagneres. Introduction Cisco Talos recently observed attackers changing the file formats they use in an attempt to thwart common antivirus engines. This can happen across other file formats, but today, we are showing a change of approach for an acto

How Tortoiseshell created a fake veteran hiring website to host malware

By Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Introduction Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. The actor, previously identified by Symantec a

DNSpionage brings out the Karkoff

Update 4/24: The C2 section below now includes details around the XOR element of the C2 communication system. Executive summary In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that

DNSpionage Campaign Targets Middle East

Update 2018-11-27 15:30:00 EDT: A Russian-language document has been removed. Subsequent analysis leads us to believe it is unrelated to this investigation Executive Summary Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) aff

Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator

Malicious MDM: Let's Hide This App

This blog post is authored byWarren Mercer and Paul Rascagneres with contributions from Nick Biasini Summary Since our initial discovery of a malicious mobile device management (MDM) platform that was loading fake applications onto smartphones, we have gained greater insight in

Advanced Mobile Malware Campaign in India uses Malicious MDM

Summary Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices. At this time, we don't know how the attacker managed

Vulnerability Spotlight: Multiple Antenna House Vulnerabilities

Discovered by Marcin Noga of Cisco Talos Overview Cisco Talos has identified six vulnerabilities in the Antenna House Office Server Document Converter (OSDC). These vulnerabilities can be used to remotely execute code on a vulnerable system. Antenna House Office Server Documen