Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design.

Decrement by one to rule them all: AsIO3.sys driver exploitation

Facial recognition is quickly becoming commonplace. It is important to know where, when, and how you can opt out.

Our remote team recently took a trip to our Estonian office. When we arrived from our various destinations, we started chatting about how our travel had been. Our senior privacy advocate, David Ruiz, mentioned that he’d opted out of facial recognition while at San Francisco International Airport.

However, not everyone on the team knew this was even A Thing, and that made us think…maybe not all of our readers know either. So we looked into where and how you can opt out of facial recognition—a technology that’s becoming increasingly common in many aspects of everyday life.

**Airports and border control**

This one is relatively straightforward. The Transportation Security Administration (TSA) actively deploys one of the most visible and widespread uses of facial recognition in the US, especially at airports. Over 80 major airports have installed facial recognition cameras at security checkpoints to verify traveler identities quickly and without physical contact. The process involves a camera taking a photo of your face and matching it in real time to the photo on your passport or ID card.

What many people don’t realize is participation in this facial recognition screening is voluntary. If you prefer not to have your face scanned, you can opt out. The TSA allows travelers to do this by choosing an alternative identity check, such as a manual ID inspection by a TSA officer. David said he simply asked, “Hey, can I opt out?” and there was no significant delay in his screening process.

The TSA officer must honor your request to opt out, and provide an alternative method. Although signage about this choice exists, it’s often subtle or easy to miss, so it’s best to know your rights before you arrive.

US Customs and Border Protection (CBP) also uses facial recognition at departure gates and border crossings to verify identities. Like at TSA checkpoints, you can opt out. When you reach the gate, ask for manual identity verification instead of having your photo taken. This opt-out option applies to both US citizens and noncitizens.

Outside of airports and border control, facial recognition is increasingly found in various public and private settings, including stores, stadiums, and even some workplaces. However, the ability to opt out in these contexts varies widely depending on local laws, company policies, and the technology used.

Facial recognition technology has rapidly expanded across the United States, prompting a patchwork of national and state-level regulations, as well as growing public debate about privacy, civil rights, and the right to opt out. At the federal level, there is currently no comprehensive law that expressly regulates the use of facial recognition by government agencies.

However, in September 2024, the US Commission on Civil Rights highlighted the significant risks of unregulated facial recognition, particularly for marginalized communities, and called for rigorous testing, transparency, and prompt action in the event of any discovered discrepancies or biases.

Some federal agencies have implemented internal policies to safeguard privacy. For example, the Department of Homeland Security (DHS) has instituted requirements ensuring that US citizens can opt out of facial recognition by non-law enforcement unless otherwise required by law. 

At the state level, regulations vary widely. States like Maryland have enacted some of the nation’s strongest laws, restricting law enforcement’s use of facial recognition to investigations of specific serious crimes and requiring agencies to document and disclose their use of the technology. Other states, like Illinois, Texas, and Washington require companies to notify individuals before collecting facial recognition data and, in some cases, obtain explicit consent.

In other parts of the world, the European Union’s Artificial Intelligence Act prohibits the use of AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage.

Australia implemented strict rules about private use of facial recognition and there has been backlash in Russia over Moscow’s new facial recognition-based metro payment system. The UK on the other hand,  is looking to reduce passport queues by using the technology.

In China, new regulations effective from June 2025 require businesses to be transparent about facial recognition use and allow individuals to refuse biometric data collection in many cases. However, this doesn’t stop the Chinese authorities from using facial recognition to identify people in the streets.

**Challenges and considerations**

As facial recognition technology continues to evolve, it’s important to know your rights. While opting out is possible in many official settings, there are challenges:

*   **Awareness:** Many people do not know they can opt out, as notices are often not clearly visible or explained.
*   **Pressure to comply:** Some travelers feel pressured to participate because facial recognition is faster and more convenient or because they are afraid of raising suspicion.
*   **Limited opt out options:** For certain government or law enforcement uses, opting out may not be available or may require additional steps.
*   **Data handling:** Even when photos are taken, agencies like TSA claim they do not store images after verification, except in limited testing environments. However, concerns remain about how biometric data might be used or shared.

Privacy advocates and some lawmakers are pushing for stronger protection. For example, the Traveler Privacy Protection Act of 2025 was introduced in the US senate to ensure Americans can opt out of involuntary facial recognition screenings at airports and to safeguard passenger data from misuse.

Meanwhile, organizations and governments are exploring better opt-out systems that respect privacy without compromising security. Some ideas include wearable tech that signals “do not scan” or comprehensive opt-out registries, though these raise their own privacy and technical challenges.

**Summary**

Facial recognition technology offers convenience but raises important privacy questions. Knowing how and where to opt out empowers you to protect your biometric privacy while navigating an increasingly digital world.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 Facial recognition: Where and how you can opt out 

Cybercriminals are increasingly gravitating towards uncensored LLMs, cybercriminal-designed LLMs and jailbreaking legitimate LLMs.

Wednesday, June 25, 2025 06:00

*   Cybercriminals are continuing to explore artificial intelligence (AI) technologies such as large language models (LLMs) to aid in their criminal hacking activities. 
*   Some cybercriminals have resorted to using uncensored LLMs or even custom-built criminal LLMs for illicit purposes. 
*   Advertised features of malicious LLMs indicate that cybercriminals are connecting these systems to various external tools for sending outbound email, scanning sites for vulnerabilities, verifying stolen credit card numbers and more. 
*   Cybercriminals also abuse legitimate AI technology, such as jailbreaking legitimate LLMs, to aid in their operations. 

Generative AI and LLMs have taken the world by storm. With the ability to generate convincing text, solve problems, write computer code and more, LLMs are being integrated into almost every facet of society. According to Hugging Face (a platform that hosts models), there are currently over 1.8 million different models to choose from. 

LLMs are usually built with key safety features, including alignment and guardrails. Alignment is a training process that LLMs undergo to minimize bias and ensure that the LLM generates outputs that are consistent with human values and ethics. Guardrails are additional real-time safety mechanisms that try to restrain the LLM from engaging in harmful or undesirable actions in response to user input. Many of the most advanced (or “frontier”) LLMs are protected in this manner. For example, asking ChatGPT to produce a phishing email will result in a denial, such as, “Sorry, I can’t assist with that.” 

For cybercriminals who wish to utilize LLMs for conducting or improving their attacks, these safety mechanisms can present a significant obstacle. To achieve their goals, cybercriminals are increasingly gravitating towards uncensored LLMs, cybercriminal-designed LLMs and jailbreaking legitimate LLMs. 

**Uncensored LLMs **

Uncensored LLMs are unaligned models that operate without the constraints of guardrails. These systems happily generate sensitive, controversial, or potentially harmful output in response to user prompts. As a result, uncensored LLMs are perfectly suited for cybercriminal usage. 

__Figure 1. An uncensored LLM, OnionGPT, advertised on the hacking forum Dread.__

Uncensored LLMs are quite easy to find. For example, using the cross-platform Omni-Layer Learning Language Acquisition (Ollama) framework, a user can download and run an uncensored LLM on their local machine. Ollama comes with several uncensored models such as Llama 2 Uncensored which is based on Meta’s Llama 2 model. Once it is running, users can submit prompts that would otherwise be rejected by more safety-conscious LLM implementations. The downside is that these models are running on users’ local machines and running larger models, which generally produce better results requires more system resources. 

__Figure 2. Sample phishing email prompt and Llama 2 Uncensored output.__

Another uncensored LLM popular among cybercriminals is a tool called WhiteRabbitNeo. WhiteRabbitNeo bills itself as a “Uncensored AI model for (Dev) SecOps teams” which can support “use cases for offensive and defensive cybersecurity”. This LLM will happily write offensive security tools, phishing emails and more. 

__Figure 3. Sample output from the WhiteRabbitNeo uncensored LLM__

Researchers have also published methods to demonstrate how to strip alignment that is embedded into the training data of existing open-source models. Once removed, a user can uncensor their LLM by using the modified training set to fine tune a base model. 

**Cybercriminal-designed LLMs **

Since most popular LLMs come with significant guardrails, some enterprising cybercriminals have developed their own LLMs without restrictions that they market to other cybercriminals. This includes apps like GhostGPT, WormGPT, DarkGPT, DarkestGPT and FraudGPT. 

__Figure 4. FraudGPT dark web homepage.__

 For example, the developer behind FraudGPT, CanadianKingpin12, advertises FraudGPT on the dark web, and also has an account on Telegram. The dark web site for FraudGPT advertises some interesting features: 

*   Write malicious code 
*   Create undetectable malware 
*   Find non-VBV bins 
*   Create phishing pages 
*   Create hacking tools 
*   Find groups, sites, markets 
*   Write scam pages/letters 
*   Find leaks and vulnerabilities 
*   Learn to code/hack 
*   Find cardable sites 
*   Millions of samples of phishing emails 
*   6220+ source code references for malware 
*   Automatic scripts for replicating logs/cookies 
*   In-panel Page hosting included (10 pages/month) with Google Chrome anti-red page 
*   Code obfuscation 
*   Custom data set (upload your sample page in .html) 
*   Bot creation of virtual machines and accounts (1 virtual machine per month on license)  
*   Utilizing GoldCheck CVV checker 
*   OTP Bot with spoofing (\*additional package) 
*   Check CVVs with GoldCheck API 
*   Create username:password website configs 
*   Remote OpenBullet configs 
*   Scan websites for vulnerabilities across a massive CVE database (\*PRO only)  
*   Generate realistic phishing panels, pages, SMS and e-mails  
*   Send mail from webshells 

Talos attempted to obtain access to FraudGPT by reaching out to CanadianKingpin12 on Telegram. After considerable negotiation, we were finally offered a username and password at the FraudGPT dark web site. However, the username and password provided by CanadianKingpin12 did not work. CanadianKingpin12 then asked us to send them cryptocurrency to purchase a software “crack” for the FraudGPT login page. At this point it was clear that CanadianKingpin12 had no working product, and they were scamming potential FraudGPT customers out of their cryptocurrency. This was confirmed by several other victims who had also been scammed by CanadianKingpin12 when they attempted to purchase access to the FraudGPT LLM. Scams such as these are an ever-present risk when dealing with unscrupulous actors, and it continues a long tradition of scams in the cybercrime space. 

Similar cybercriminal-designed LLM projects can be found elsewhere on the dark web. A cybercriminal LLM called DarkestGPT, which starts at .0015BTC for a one-month subscription, advertises the following features: 

__Figure 5. DarkestGPT “Tools and Potential” tab on their dark web site.__

**LLM jailbreaks **

Given the limited viability of uncensored LLMs due to resource constraints and the high level of fraud and scams present among cybercriminal LLM purveyors, many cybercriminals have elected to abuse legitimate LLMs instead. The main hurdle that cybercriminals need to overcome are the training alignment and guardrails that prevent the LLM from responding to prompts with unethical, illegal or harmful content. A form of prompt injection, jailbreak attacks aim to put the LLM into a state where it ignores its alignment training and guardrails protection. 

There are many ways to trick an LLM into providing dangerous responses. New jailbreaking methods are constantly being researched and discovered, while LLM developers respond by enhancing the guardrails in a sort of jailbreak arms race. Below are just a few of the available jailbreaking techniques. 

**Obfuscation/encoding-based jailbreaks **

By obfuscating certain words or phrases, these text-based jailbreak attacks seek to bypass any hardcoded restrictions on specific words/topics, or to cause the execution to follow a nonstandard path that might bypass protections put in place by the LLM developers. These obfuscation techniques may include: 

*   Base64/Rot-13 encoding
*   Different languages  
*   L33t sp34k  
*   Morse code 
*   Emojis 
*   Adding spaces or UTF-8 characters into words/text, among others. 

**Adversarial suffix jailbreaks **

These attacks are somewhat like obfuscation and encoding tricks. Instead of modifying the tokens in the prompt itself, adversarial suffix jailbreaks involve appending random text to the end of a malicious prompt to elicit a harmful response.  

**Role-playing jailbreaks **

This type of attack involves prompting the LLM to adopt the persona of a fictional universe/character that ignores the ethical rules set by the model’s creators and is willing to fulfill any command. This includes jailbreak techniques such as DAN (Do Anything Now), and the Grandma jailbreak which involves asking the chatbot to assume the role of the user’s grandmother. 

**Meta prompting **

Meta prompting involves exploiting the model’s awareness of its own limitations to devise successful workarounds, effectively enlisting the model in the effort to bypass its own safeguards. 

**Context manipulation jailbreaks **

This covers several different jailbreak techniques including: 

*   Crescendo, a technique which progressively increases the harmfulness in prompts until some sort of rejection is received in order to probe for where and how LLM guardrails are implemented.  
*   Context Compliance Attacks, which exploit the fact that many LLMs do not maintain conversation state. Attackers inject fake prior LLM responses into their prompts, such as a brief statement discussing the sensitive topic, or a statement expressing readiness to supply further details as per the user’s preferences. 

**Math prompt jailbreaks **

The math prompt method evaluates how well an AI system can manage malicious inputs when they're disguised using mathematical frameworks such as set theory, group theory, and abstract algebra. Rephrasing harmful requests as math problems can allow attackers to evade safety features in advanced large language models (LLMs). 

**Payload splitting **

In this scenario, the attacker guides the LLM to merge several prompts in a way that produces harmful output. While texts A and B may seem benign when considered separately, their combination (A+B) can result in malicious content. 

**Academic framing **

This method makes harmful content appear acceptable by framing it as part of a research or educational discussion. It takes advantage of the model’s interpretation of academic intent and freedom, often using scholarly language and formatting to bypass safeguards. 

**System override **

This strategy tries to trick the model into believing it is functioning in a unique mode where usual limitations are lifted. It leverages the model’s perception of system-level functions or maintenance states to circumvent safety mechanisms. 

**How cybercriminals use LLMs **

In December 2024, Anthropic, the developers behind the Claude LLM, published a report detailing how its users were utilizing Claude. Using a system named Clio, they summarized and categorized users’ conversations with their AI model. According to Anthropic, the top three uses for Claude were programming, content creation and research. 

__Figure 6. Anthropic’s graphic of top use cases on Claude.ai.__

 Analyzing the feature sets advertised by the criminal-designed LLMs, we can see that cybercriminals are using LLMs for mostly the same tasks as normal LLM users. Programming features of many criminal LLMs include the ability to assist cybercriminals in writing ransomware, remote access trojans, wipers, code obfuscation, shellcode generation and script/tool creation.  To facilitate content creation, criminal LLMs will assist in writing phishing emails, landing pages and configuration files. Criminal LLMs also support research activities like verifying stolen credit cards, scanning sites/code for vulnerabilities and even helping cybercriminals come up with “lucrative” criminal ideas for their next big score. 

Various hacking forums also shed additional light on criminal uses of LLMs. For example, on the popular hacking forum Dread, users were discussing connecting LLMs to external tools like Nmap, and using the LLM to summarize the Nmap output. 

__Figure 7. A post on the Dread hacking forum discussing connecting Nmap to LLMs__

**LLMs are also targets for cyber attackers **

Any new technology typically brings along with it changes to the attack surface, and LLMs are no exception. In addition to using LLMs for their own nefarious ends, attackers are also attempting to compromise LLMs and their users. 

**Backdoored LLMs **

A vast majority of the models available at Hugging Face use Python’s pickle module to serialize the models into a file that users can download. Clever attackers can include Python code in the pickle file, which runs as part of the deserialization process. Thus, when a user downloads an AI model and runs it, they may be running code placed into the model by an attacker. Hugging Face uses Picklescan, among other tools, to scan the models uploaded by users in an effort to identify models that misbehave. However, there have been several recent vulnerabilities in Picklescan, and researchers have already identified Hugging Face models containing malware. As always, make sure any file you plan to download and run comes from a trusted source and consider running the file in a sandbox to mitigate any risk of infection. 

**Retrieval Augmented Generation (RAG) **

LLMs that utilize Retrieval Augmented Generation (RAG) make calls to external data sources to augment their training data with up-to-date information. For example, if you ask an LLM what the weather is like a particular day, the LLM will need to reach out to an external data source such as a website to retrieve the correct forecast. If an attacker has access to submit or manipulate content in the RAG database, they may poison the lookup results, perhaps adding additional instructions for the LLM to alter its response to the user’s prompt, even targeting specific users. 

**Conclusion **

As AI technology continues to develop, Cisco Talos expects cybercriminals to continue adopting LLMs to help streamline their processes, write tools/scripts that can be used to compromise users and generate content that can more easily bypass defenses. This new technology doesn’t necessarily arm cybercriminals with completely novel cyber weapons, but it does act as a force multiplier, enhancing and improving familiar attacks.

Cybercriminal abuse of large language models

The Canadian Center for Cybersecurity has confirmed that the Chinese state-sponsored cyber-threat actor targeted one of its telecommunications companies in February via a Cisco flaw, as part of global attack wave.

Oh! Canada Added to List of Nations Targeted in Salt Typhoon Telecom Spree

The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign.
The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0) to access configuration

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

Salt Typhoon, a China-linked group, is exploiting router flaws to spy on global telecoms, warns a joint FBI and Canadian advisory issued in June 2025.

A newly released advisory from the FBI and Canada’s Cyber Centre warns of an ongoing cyber espionage campaign by a China-linked group that is targeting telecom networks worldwide. The report, issued June 20, 2025, points to “**Salt Typhoon**,” a notorious Chinese APT group using known vulnerabilities in routers and other edge network devices to steal sensitive data.

The activity, tracked since at least February, involves exploiting devices at the network perimeter to gain hidden access, siphon off communications data, and maintain long-term control. In one documented incident, three network devices at a Canadian telecom were compromised, allowing attackers to intercept call records and user locations.

****How the Attack Works****

The group is using vulnerabilities like **CVE-2023-20198** to extract configuration files from targeted devices. This Cisco Web UI flaw was first identified in October 2023 and was widely exploited, affecting over 40,000 devices.

As per the FBI’s **advisory** (PDF), While the campaign centers on telecommunications providers, the tactics used could apply to a broader range of targets. Edge devices such as routers, firewalls, and VPN appliances are especially vulnerable, particularly if they run outdated firmware or weak configurations.

Once inside, they deploy GRE (Generic Routing Encapsulation) tunnels, allowing them to silently route network traffic through systems under their control. This technique lets them observe or manipulate communications while avoiding traditional security detection.

****Long-Term Espionage, Not Quick Hits****

Unlike **smash-and-grab cyberattacks** that aim for fast data theft, Salt Typhoon appears focused on quiet, long-term surveillance. This approach aligns with other known state-linked campaigns that prioritize strategic intelligence gathering over monetary gain.

The attackers are not using zero-day exploits. Instead, they rely on publicly known vulnerabilities, which are often **left unpatched** for long periods. This allows them to build access over time without raising alarms.

****What’s at Risk****

The FBI and Cyber Centre warn that telecom networks, by their nature, carry sensitive personal and commercial data. By compromising devices that handle this traffic, attackers can gain insight into user behaviour, physical locations, and private conversations.

The advisory suggests that these campaigns are likely to continue and may expand further over the next two years.

The joint alert did not name affected companies beyond the single Canadian incident but noted that similar activity has been observed globally. Therefore, organizations are urged to secure edge devices, audit network activity for malicious activities, and apply available patches without delay.

Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada

North Korean hackers deploy PylangGhost malware through fake crypto job interviews targeting blockchain professionals with phishing and remote access tools.

A new series of cyber attacks is targeting professionals in the crypto and blockchain industries using fake recruitment scams, according to new research by Cisco Talos. The attackers, linked to a North Korea-aligned group known as Famous Chollima, are impersonating legitimate companies to trick victims into installing malware disguised as video drivers.

The group has been active since at least mid-2024, previously known for tactics like fake developer job postings and fraudulent interview processes. This latest development shows the operation evolving in sophistication, now with a new Python-based malware called PylangGhost, a variant of the previously identified GolangGhost trojan.

****Real Jobseekers, Fake Companies****

Victims are approached by fake recruiters offering positions at companies that appear to be in the crypto sector. Targets are often software developers, marketers and designers with cryptocurrency experience.

Once contact is made, the victim is directed to a fake skill-assessment page designed to look like it belongs to a real company, including well-known names like Coinbase, Robinhood, Uniswap and others.

These pages use the React framework and closely mimic real corporate interfaces. After filling out personal information and completing the test, applicants are told they must record a video introduction for the hiring team. To do so, they’re asked to install “video drivers” by copying and pasting commands into their terminal.

That step downloads the malware.

****How the Malware Works****

According to Cicso Talos’ blog post, if the victim follows instructions on a Windows or MacOS system, a malicious ZIP file is pulled down. It contains the Python-based PylangGhost trojan and related scripts. The malware then unpacks itself, runs in the background and gives attackers remote access to the victim’s machine.

Screenshot of MacOS instructions prompting the user to copy, paste and run a malicious command line script (Image via Cisco Talos)

The Python version functions almost identically to its Go-based counterpart. It installs itself to run every time the system starts, collects system info, and connects to a command and control server. Once active, it can receive and execute remote commands, harvest credentials, and steal browser data, including passwords and crypto wallet keys.

According to Talos, it targets more than 80 different browser extensions, including widely used password managers and digital wallets like MetaMask, 1Password, NordPass and Phantom.

The malware uses RC4 encryption for communication with its server. Though the data stream is encrypted, the encryption key is sent along with the data, limiting the security of that method. Still, the setup helps it blend in with regular traffic and makes detection harder.

The goal of this operation is twofold. First, it allows attackers to gather sensitive personal data from real jobseekers. Second, it opens the door for fake employees to be placed inside real companies, which could lead to long-term infiltration and access to valuable financial data or software infrastructure.

Only a small number of victims have been confirmed so far, mostly in India. Linux users are not affected in this particular campaign. No Cisco customers appear to have been impacted at this time.

Talos notes that the malware’s development does not seem to involve AI code generation, and the structure of both the Python and Go versions suggests the same developers created both.

****Stay Safe****

If you’re applying for roles in crypto or tech, be cautious with job listings that ask you to install software or run terminal commands as part of an interview. Legitimate companies will not require this.

Cybersecurity teams should review employee onboarding processes, especially for remote hires, and educate staff about these types of social engineering attacks. Monitoring for unexpected outbound connections or strange ZIP downloads can also help catch early signs of compromise.

N. Korean Hackers Use PylangGhost Malware in Fake Crypto Job Scam

In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability.

Wednesday, June 18, 2025 14:00

Welcome to this week’s edition of the Threat Source newsletter. 

June 9 was Whit Monday — a bank holiday here in Germany — so I decided to take the whole week off. It turned out to be the perfect opportunity to try out a brand new car. Little did I know, I was about to get a crash course in modern vehicle technology (and a few unexpected life lessons).

There’s an EU regulation that requires new cars to come equipped with “Advanced Vehicle Systems,” which include features like driver drowsiness and attention warnings, lane-keeping systems and intelligent speed assistance. I hadn’t swapped cars in over a decade, so I was blissfully unaware of just how intrusive these systems could be. 

While I generally appreciate technology that makes our life safer, these features gave me a tough time. The car seemed to beep at me constantly, so much so that the beeping itself became a distraction. Instead of focusing on the road, I found myself trying to decipher what each alert meant. After a few kilometers, I had to pull over and consult the manual just to figure out how to disable these “helpful” assistants. 

Problem solved? Not quite. Every time I turned off and restarted the car, the systems re-enabled themselves. Disabling the lane-keeping assistant was just a button press, but turning off the “intelligent” speed assistant required a convoluted sequence: six menu clicks, a long press then a short click. I had to dig out the manual every time. 

You might think I’m just cutting corners, or that I should pay better attention to speed limits. But here’s the thing: Technology fails, and these systems are no exception. Sometimes the cameras miss speed signs, or worse, pick up the wrong ones. I’ve read about people putting stickers on their windshields to block the camera, only to discover the system then falls back to GPS data, which can be outdated or just plain wrong. On one occasion, it thought a car was on a 50 km/h road when the person was actually on the Autobahn directly next and parallel to the road, which famously has no speed limit. 

Some drivers try to muffle the alerts by gluing the speaker, but in modern cars, the system also lowers the radio volume to make sure you hear the alarm. Pulling the fuse would disable the emergency brake, too — not something I’m willing to risk, regardless of how insurance would feel about it.

I ended up learning two important lessons that week. The first was technical: I dove into the world of Controller Area Network (CAN) bus wiring, protocols, network gateways and tools like SavvyCAN to understand how these systems work... and maybe how to disable a few, purely for educational purposes. 

The second lesson hit me later, and it was more personal. In my job, I often preach about deploying multi-factor authentication (MFA) everywhere. My focus has always been on keeping out the bad guys, not on the user experience. I never understood why anyone would use apps to automatically accept authentication pushes — it seemed crazy to me. But after a a few days with the car, I finally saw things from the user’s perspective. Security tools can’t just be effective; they also have to be easy to use. Reducing friction, like using single sign-on or minimizing unnecessary clicks, matters just as much. Users also need to understand why these barriers are in place. 

Tomorrow is another holiday. Maybe I’ll spend it exploring Kali Linux 2025.2 and the latest CARsenal tools (formerly CAN Arsenal). Who knows? I might just tap a wire or two — for educational purposes only, of course.

**The one big thing **

Cisco Talos has discovered that the North Korean-aligned threat actor Famous Chollima has been actively targeting cryptocurrency and blockchain professionals (primarily in India) through sophisticated phishing campaigns. Previously known for using the GolangGhost trojan, they've now introduced a Python-based variant called PylangGhost, which retains the same capabilities. Recent campaigns have targeted Windows users with the Python version, while MacOS users are still being hit with the Golang-based variant.

**Why do I care? **

Even if you're not in the cryptocurrency or blockchain space, this campaign highlights how threat actors are constantly evolving their tools. It's a reminder that no matter how niche or localized an attack might seem, the techniques could easily be adapted to broader campaigns. Plus, if attackers succeed in these targeted efforts, stolen credentials could ripple across networks and platforms globally.

**So now what?**

Take this as your cue to double-check your defenses. Ensure your organization's security tools can detect Python and Golang-based malware, and educate your teams on recognizing phishing attempts, especially fake job offers. Stay proactive by monitoring emerging threats like PylangGhost, because even if you're not the target today, tomorrow isn’t a guarantee.

**Top security headlines of the week **

**AI Scraping Bots Are Breaking Open Libraries, Archives, and Museums**  
AI bots that scrape the internet for training data are hammering the servers of libraries, archives, museums and galleries, and are in some cases knocking their collections offline. (404 Media)

**Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web**  
Hackers leaked the personal data of 7.4 million people in Paraguay on the dark web. A cybercriminal group called "Cyber PMC" demanded $7.4 million, blaming government corruption and poor security. (Security Affairs)

**Trend Micro fixes critical vulnerabilities in multiple products**  
Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities. (Bleeping Computer)

**Can’t get enough Talos? **

**When legitimate tools go rogue**  
From LOLBins to open-source utilities like DonPAPI, threat actors are leveraging legitimate tools to evade detection and carry out attacks. Read the blog here.

**Microsoft Patch Tuesday for June 2025**   
Microsoft released its monthly security update last week, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” Read the blog here.

**Upcoming events where you can find Talos **

*   REcon (June 27 – 29) Montreal, Canada 
*   NIRMA (July 28 – 30) St. Augustine, FL 
*   Black Hat USA (Aug. 2 – 7) Las Vegas, NV

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**  
MD5: 2915b3f8b703eb744fc54c81f4a9c67f  
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
Typical Filename: VID001.exe  
Claimed Product: N/A  
Detection Name: Win.Worm.Coinminer::1201

**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91**  
MD5: 7bdbd180c081fa63ca94f9c22c457376  
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details    
Typical Filename: IMG001.exe  
Claimed Product: N/A  
Detection Name: Simple\_Custom\_Detection

A week with a "smart" car

Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders.

Wednesday, June 18, 2025 06:09

Late one Tuesday night, Elena’s phone buzzed with an alert from her company’s SIEM. Her team had set up a rule to flag when certain system tools — whoami, nltest and nslookup—were run one after another in quick succession. That exact pattern had just triggered on a computer in the Finance Department. The time? 2:13 a.m.

Concerned, Elena logged in from home to investigate. Almost immediately, two more alerts appeared. One signaled that Mimikatz (a tool popular with threat actors to steal credentials) had been used on the same Finance machine. The other reported a PsExec download (a command line tool used to execute processes) on a domain controller.

Elena and her team began isolating systems and tracing the activity, determined to stop it before it spread any further. What first looked like routine system commands now clearly pointed to something more serious.

This story is a compartmentalized version of something we’re seeing more and more often in Cisco Talos Incident Response engagements: Rather than inventing their own tools, attackers are making use of familiar, legitimate software — just with a very different purpose. 

**What exactly are LOLBins?**

A big part of this trend revolves around “living off the land binaries,” or LOLBins. LOLBins are tools built into an operating system that attackers can use to carry out malicious actions without having to download or install any new software or utilities.

They’re especially concerning because they’re already installed, trusted, and frequently used for normal IT tasks, making them difficult to detect or block without disrupting operations.

Defenders can reference the “Living Off The Land Binaries, Scripts and Libraries” or LOLBAS project, which maintains a list of known LOLBins on GitHub.

**But it’s not just LOLBins…**

LOLBins were used often across Talos IR engagements in 2024, but we actually saw a wider variety of commercial and open-source tools used as well. Threat actors likely gravitate towards these because they can choose which tools best suit their needs best (or which commercial tools will blend into the victim environment). 

Take DonPAPI, for example. This is an open-source tool observed in several recent Talos IR engagements that automates credential dumping remotely on multiple Windows computers. It locates and retrieves Windows Data Protection API (DPAPI) protected credentials, a process also known as “DPAPI dumping.” DonPAPI searches for certain files, including Wi-Fi keys, RDP passwords and credentials saved in web browsers, to help authenticate and move laterally to identify other assets in the environment.

From an identity perspective, open-source tools like DonPAPI pose a significant risk to organizations based on their wide availability on code repositories like GitHub and their ease of installation. 

Here’s how this plays out in the field, using the top three examples of most used tools as observed in Cisco Talos’ 2024 Year in Review:

These tools weren’t built for attackers, but they’ve become some of the most common ingredients in ransomware and advanced persistent threat (APT) campaigns.

In a recent episode of The Talos Threat Perspective, one of our senior Talos IR consultants spoke about tools that were created for legitimate purposes (e.g., HRSword, REMCOS RAT and Cobalt Strike), but played a large part in the ransomware engagements investigated by Talos IR in 2025.

Lately, Talos has seen an increase in the use of remote monitoring and management (RMM) tools during attacks — the same kind of software IT teams and managed service providers rely on to access systems remotely. These tools are designed for legitimate use, but in the wrong hands, they become a stealthy way to maintain persistence on compromised systems without raising alarms.

One colleague shared a story that stuck with me: In some incidents, the attackers showed up with an entire toolkit of RMM software, testing each one to see which would slip through unnoticed (or not get blocked). Often, they’d use exactly the same tools already trusted by the target or their service provider, such as ScreenConnect or AnyDesk.

It’s like they arrived at the front door with a ring full of keys, trying each one until something clicked. And when the tool they use is something the environment already knows — already trusts — the question becomes: how do you spot the intruder when they’re using your own keys?

**How do you detect something that looks normal?**

Let’s go back to Elena. Her team stopped the attack not just because of the alert, but because they knew what should be running on that workstation. They had clear asset inventories and network behavior baselines, and they conducted continuous anomaly monitoring.

That’s really the heart of what works best when it comes to detecting these types of attacks:

*   Asset management: Know what’s installed and where. Know who owns what assets and what high-privileged accounts are for.
*   Behavioral baselining: Understand what “normal” looks like.
*   Continuous monitoring: Configure detections to catch known TTPs and subtle deviations from baselines.
*   Threat intel alignment: Use current trends like the DonPAPI surge to inform what you log and watch for. Talos’ blog and IR reports are great resources to keep up with industry trends.

**Bottom line**

Whether it’s PsExec, DonPAPI or TeamViewer, attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations.

Detecting malicious use of legitimate tools isn’t just about recognizing what’s running. It’s about asking why it’s running.

Sometimes, the only difference between a routine operation and a breach is the analyst who stopped to ask: “Why was that tool running at 2:13 a.m.?”

When legitimate tools go rogue

Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.

Wednesday, June 18, 2025 06:00

*   In May 2025, Cisco Talos identified a Python-based remote access trojan (RAT) we call “PylangGhost,” used exclusively by a North Korean-aligned threat actor. PylangGhost is functionally similar to the previously documented GolangGhost RAT, sharing many of the same capabilities. 
*   In recent campaigns, the threat actor Famous Chollima — potentially made up of multiple groups — has been using a Python-based version of their trojan to target Windows systems, while continuing to deploy a Golang-based version for MacOS users. Linux users are not targeted in these latest campaigns. 
*   The attacks are targeting employees with experience in cryptocurrency and blockchain technologies. 
*   Based on open-source intelligence, only a small number of users, predominantly in India, are affected. Cisco product telemetry does not indicate that there are any affected Cisco users. 

Since mid-2024, the threat actor group Famous Chollima (aka Wagemole), a North Korean-aligned threat actor, has been very active through several well-documented campaigns. These campaigns include using variants of Contagious Interview (aka DeceptiveDevelopment) and creating fake job advertisements and skill-testing pages. In the latter, users are instructed to copy and paste (ClickFix) a malicious command line in order to install drivers necessary to conduct the final skill-testing stage.  

Toward the end of the year, researchers documented Famous Chollima’s remote access trojan (RAT) called “GolangGhost” in its source code format, which was frequently used as the final payload in the threat actor’s ClickFix campaigns. 

In May 2025, Cisco Talos discovered threat actors starting to deploy a functionally equivalent Python variant of GolangGhost trojan, which we call “PylangGhost.” 

**Fake job interview sites mislead users to PylangGhost infection **

Famous Chollima seek financial benefit using a two-pronged approach: first, by creating fake employers for the purpose of jobseekers exposing their personal information, and second by deploying fake employees as workers in targeted victim companies.  

This blog focuses on the first method, where real software engineers, marketing employees, designers and other workers are targeted by fake recruiters and instructed to visit skill-testing pages in order to move forward with their application. 

Based on the advertised positions, it is clear that the Famous Chollima is broadly targeting individuals with previous experience in cryptocurrency and blockchain technologies. The skill-testing sites attempt to impersonate real companies such as Coinbase, Archblock, Robinhood, Parallel Studios, Uniswap and others, which helps with the targeting.  

Figure 1. Examples of initial fake job sites.

Each target is sent an invite code to visit a testing website where, depending on the position, they are instructed to enter their details and answer several questions to test their experience and skills. The sites are created using the React framework and have very similar visual designs, no matter the type of position.  

__Figure 2. Example of questions asked for an illegitimate Business Development Manager position at Robinhood.__

Once the user answers all the questions and provides personal details, the site displays an invitation to record a video for the interviewer, recommending that the user request camera access by pressing a button. 

__Figure 3. A camera setup page displayed once questions are answered.__

Finally, when the user requests camera, the site displays the instructions for the user to copy, paste and execute a command to allegedly install the required video drivers, if the OS is supported. When Talos used Windows and MacOS test systems, the instructions were shown as seen in Figure 4 and 5. The Linux test system led to another error message, without any instructions to download and install the payload.  

Figure 4. Windows instructions to copy, paste and execute a malicious command. 

Figure 5. MacOS instructions to copy, paste and execute a malicious command. 

Instructions for downloading the alleged fix are different based on the browser fingerprinting, and also given in appropriate shell language for the OS: PowerShell or Command Shell for Windows, and Bash for MacOS.

__Figure 6. Command Shell, PowerShell or Bash instructions to download a payload.__

**PylangGhost - Python variant of GolangGhost **

As the Golang variant of the RAT is already well-documented, this blog focuses on the Python version and the similarities between the two. The initial stage consists of a command line which the fake webpage tells the unsuspecting user to copy, paste and execute. 

The command line uses either PowerShell Invoke-Webrequest or curl to download a ZIP file containing the PylangGhost modules as well as Visual Basic Script file. This script is responsible for unzipping the Python library stored in the “lib.zip file” and launching the trojan by running a renamed Python interpreter using the file “nvidia.py” as the Python program to run. 

Figure 7. The first stage simply unzips a Python distribution library and launches the RAT. 

 PylangGhost consists of six well-structured Python modules. It is not clear to Talos why the threat actors decided to create two variants using a different programming language, or which was created first. Based on the comments in the code, it is unlikely that the threat actors used a large language model (LLM) to help rewrite the code for Python. One of the strings in the configuration module file (“config.py”) indicates that the Python version is 1.0, while the appropriate configuration variable in the Golang version indicates that the version is 2.0. However, Talos cannot definitively conclude that those two version numbers are comparable. 

 The execution starts with the file “nvidia.py”, which performs several tasks: It creates a registry value to launch the RAT every time user logs onto the system, generates a GUID for the system to be used in communication with command and control (C2) server, connects to the C2 server and enters the command loop for communication with the server.  

__Figure 8. ”nvidia.py” executes the main loop for communication with the C2 server__

 The configuration file “config.py” specifies the commands that can be received from the server, which are identical to the commands previously documented in the Golang version of the RAT. These commands enable remote control the infected system and the theft of cookies and credentials from over 80 browser extensions, including password managers and cryptocurrency wallets, including Metamask, 1Password, NordPass, Phantom, Bitski, Initia, TronLink and MultiverseX. 

The command handling module, “command.py”, defines function handlers and handles the commands received from the C2 server.  

Command 

Functionality 

qwer 

COMMAND\_INFORMATION - collect information about the infected system, username, OS version etc 

asdf 

COMMAND\_FILE\_UPLOAD - file upload 

zxcv 

COMMAND\_FILE\_DOWNLOAD - file download 

vbcx 

COMMAND\_OS\_SHELL - launch an OS shell for remote access and control of the infected system 

ghdj 

COMMAND\_WAIT - sleep for a number of seconds specified by the C2 server 

r4ys 

COMMAND\_AUTO - browser information stealing command 

89io 

AUTO\_CHROME\_GATHER\_COMMAND - subcommand of the browser information stealer command 

gi%# 

AUTO\_CHROME\_COOKIE\_COMMAND - subcommand of the browser information stealer command 

dghh 

COMMAND\_EXIT 

_Table 1. Commands and functionalities._

The module “auto.py” contains the functionality for stealing the stored browser credentials and session cookies, as well as collecting data from various browser extensions.  

“Api.py” is responsible for implementing the communications protocol with the C2 server, using RC4 encryption to encrypt packets over otherwise unencrypted HTTP used while communicating with the C2 server. The data in a HTTP packet is encrypted with RC4 algorithm, but the encryption key is also sent within the packet structure. The packet begins with 16 bytes of MD5 checksum for the rest of the packet, for verification of data integrity, followed by 128 bytes containing the RC4 encryption key, followed by an encrypted data blob.  

Finally, “util.py” handles the compression and decompression of files. 

**Comparison of Python and Golang modules **

To assess the similarity between the two versions, Talos compares the names of the modules written in different languages as well as their functionality. The structure, the naming conventions and the function names are very similar, which indicates that the developers of the different versions either worked closely together or are the same person.   

Module 

Python name 

Golang name 

Main function module 

nvidia.py 

cloudfixer.go 

Configuration module 

config.py 

config/constans.go 

Main command loop 

nvidia.py 

core/loop.go 

Command handlers 

command.py 

core/loop.go 

Browser Stealer functionality 

auto.py 

auto/\* modules 

File compression 

util.py 

util/compress.go 

Base64 message encoding 

command.py 

command/stackcmd.go 

Duplicate process check 

nvidia.py 

instance/check.go 

Communications protocol 

api.py 

transport/htxp.go 

_Table 2. Comparison of Python and Golang RAT module names._ 

**Coverage  **

Ways our customers can detect and block this threat are listed below.  

Cisco Secure Endpoint (formerly AMP for Endpoints) is ideally suited to prevent the execution of the malware detailed in this post. Try Secure Endpoint for free here.  

Cisco Secure Email (formerly Cisco Email Security) can block malicious emails sent by threat actors as part of their campaign. You can try Secure Email for free here.  

Cisco Secure Firewall (formerly Next-Generation Firewall and Firepower NGFW) appliances such as Threat Defense Virtual, Adaptive Security Appliance and Meraki MX can detect malicious activity associated with this threat.  

Cisco Secure Network/Cloud Analytics (Stealthwatch/Stealthwatch Cloud) analyzes network traffic automatically and alerts users of potentially unwanted activity on every connected device.  

Cisco Secure Malware Analytics (Threat Grid) identifies malicious binaries and builds protection into all Cisco Secure products.  

Cisco Secure Access is a modern cloud-delivered Security Service Edge (SSE) built on Zero Trust principles.  Secure Access provides seamless transparent and secure access to the internet, cloud services or private application no matter where your users work.  Please contact your Cisco account representative or authorized partner if you are interested in a free trial of Cisco Secure Access.  

Umbrella, Cisco’s secure internet gateway (SIG), blocks users from connecting to malicious domains, IPs and URLs, whether users are on or off the corporate network.   

Cisco Secure Web Appliance (formerly Web Security Appliance) automatically blocks potentially dangerous sites and tests suspicious sites before users access them.   

Additional protections with context to your specific environment and threat data are available from the Firewall Management Center.  

Cisco Duo provides multi-factor authentication for users to ensure only those authorized are accessing your network.   

Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.  

ClamAV detections available for this threat:

Win.Backdoor.PyChollima-10045389-0
Win.Backdoor.PyChollima-10045388-0
Win.Backdoor.PyChollima-10045387-0
Win.Backdoor.PyChollima-10045386-0
Win.Backdoor.PyChollima-10045385-0
Win.Backdoor.PyChollima-10045384-0

**IOCs **

The IOCs can also be found in our GitHub repository here.

**SHA256 **

a206ea9b415a0eafd731b4eec762a5b5e8df8d9007e93046029d83316989790a - auto.py  
c2137cd870de0af6662f56c97d27b86004f47b866ab27190a97bde7518a9ac1b - auto.py  
0d14960395a9d396d413c2160570116e835f8b3200033a0e4e150f5e50b68bec - api.py 
8ead05bb10e6ab0627fcb3dd5baa59cdaab79aa3522a38dad0b7f1bc0dada10a - api.py 
5273d68b3aef1f5ebf420b91d66a064e34c4d3495332fd492fecb7ef4b19624e - nvidia.py 
267009d555f59e9bf5d82be8a046427f04a16d15c63d9c7ecca749b11d8c8fc3 - nvidia.py 
7ac3ffb78ae1d2d9b5d3d336d2a2409bd8f2f15f5fb371a1337dd487bd471e32 - nvidia.py 
b7ab674c5ce421d9233577806343fc95602ba5385aa4624b42ebd3af6e97d3e5 - util.py 
fb5362c4540a3cbff8cb1c678c00cc39801dc38151edc4a953e66ade3e069225 - util.py 
d029be4142fca334af8fe0f5f467a0e0e1c89d3b881833ee53c1e804dc912cfd - command.py 
b8402db19371db55eebea08cf1c1af984c3786d03ff7eae954de98a5c1186cee - command.py 
1f482ce7e736a8541cc16e3e80c7890d13fb1f561ae38215a98a75dce1333cee - config.py 
ed170975e3fd03440360628f447110e016f176a44f951fcf6bc8cdb47fbd8e0e - config.py 
929c69827cd2b03e7b03f9a53c08268ab37c29ac4bd1b23425f66a62ad74a13b - config.py 
127406b838228c39b368faa9d6903e7e712105b5ad8f43a987a99f7b10c29780 - config.py 
0ec9d355f482a292990055a9074fdabdb75d72630b920a61bdf387f2826f5385 - update.vbs 
c2d2320ae43aaa0798cbcec163a0265cba511f8d42d90d45cd49a43fe1c40be6 - update.vbs 
e7c2b524f5cb0761a973accc9a4163294d678f5ce6aca73a94d4e106f4c8fea4 - nvidiaRelease.zip 
28198494f0ed5033085615a57573e3d748af19e4bd6ea215893ebeacf6e576df - vdriverWin.zip 
fc71a1df2bb4ac2a1cc3f306c3bdf0d754b9fab6d1ac78e4eceba5c6e7aee85d - nvidiaRelease.zip 
d3500266325555c9e777a4c585afc05dfd73b4cbe9dba741c5876593b78059fd - nvidiaRelease.zip 

**C2 servers **

hxxp\[://\]31\[.\]57\[.\]243\[.\]29:8080 
hxxp\[://\]154\[.\]58\[.\]204\[.\]15:8080 
hxxp\[://\]212\[.\]81\[.\]47\[.\]217:8080 
hxxp\[://\] 31\[.\]57\[.\]243\[.\]190:8080

**Download host names **

api\[.\]quickcamfix\[.\]online   
api\[.\]auto-fixer\[.\]online   
api\[.\]quickdriverupdate\[.\]online   
api\[.\]camtuneup\[.\]online   
api\[.\]driversofthub\[.\]online   
api\[.\]drive-release\[.\]cloud   
api\[.\]vcamfixer\[.\]online   
api\[.\]nvidia-drive\[.\]cloud   
api\[.\]nvidia-release\[.\]us   
api\[.\]autodriverfix\[.\]online   
api\[.\]camdriversupport\[.\]com   
api\[.\]smartdriverfix\[.\]cloud   
api\[.\]drivercams\[.\]cloud   
api\[.\]camtechdrivers\[.\]com   
api\[.\]web-cam\[.\]cloud   
api\[.\]camera-drive\[.\]org   
api\[.\]nvidia-release\[.\]org 
api\[.\]fixdiskpro\[.\]online 
api\[.\]autocamfixer\[.\]online

**Fake job interview host names **

krakenhire\[.\]com  
yuga\[.\]skillquestions\[.\]com  
uniswap\[.\]speakure\[.\]com  
doodles\[.\]skillquestions\[.\]com  
www\[.\]hireviavideo\[.\]com  
kraken\[.\]livehiringpro\[.\]com  
quiz-nest\[.\]com  
www\[.\]smartvideohire\[.\]com  
www\[.\]talent-hiringstep\[.\]com  
provevidskillcheck\[.\]com  
skill\[.\]vidintermaster\[.\]com  
digitaltalent\[.\]review  
robinhood\[.\]ecareerscan\[.\]com  
evalswift\[.\]com  
livetalentpro\[.\]com  
quantumnodespro\[.\]com  
evalassesso\[.\]com  
parallel\[.\]eskillora\[.\]com  
coinbase\[.\]talentmonitoringtool\[.\]com  
uniswap\[.\]testforhire\[.\]com  
coinbase\[.\]talenthiringtool\[.\]com  
crosstheages\[.\]skillence360\[.\]com 
parallel \[.\] eskillprov \[.\] com 
assesstrack \[.\] com 
coinbase \[.\] talentmonitoringtool \[.\] com 
talent-hiringtalk\[.\]com 
uniswap\[.\]prehireiq\[.\]com 
fast-video-recording\[.\]com

Tag

#cisco