Date: 2022-12-20

Security researchers have identified two phishing threats impersonating Cisco and Grammarly. Both phishing operations use illegitimate webpages that direct users to malware known to researchers as DarkTortilla. The .NET-based malware can be configured to deliver various payloads and is known for several functions that make it extremely stealthy and persistent on networks. Security researchers state that DarkTortilla has been used by several different threat groups since at least 2015 to drop information stealers and other malicious software such as AgentTesla, AsyncRAT, and NanoCore. Some ransomware groups, such as Babuk, have also leveraged the malware.

