Thursday, July 5, 2018

Smoking Guns – Smoke Loader Learned New Tricks

Cisco Talos has been tracking a new version of Smoke Loader, malware that can be used to download other malware, through Cisco Advanced Malware Protection (AMP) over the last few months. AMP stopped the malware before it could infect the host, but subsequent analysis of the Smoke Loader sample that came from this malware showed some changes that interested us. This includes the use of the PROPagate injection technique, among the first uses seen in real-world malware. Apart from a report released last week describing another RIG Exploit Kit-based campaign, we have not seen real-world malware use it.