MEDIUMMalware
Global

From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat

·Source: Cisco Talos

Updated:

Executive Summary

Cisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization.

Analysis

Cisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization.
Source Attribution

Originally published by Cisco Talos on May 19, 2026.

Related Threats

LOWSupply Chain

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unauthorized access.” Hours later, the company’s X account confirmed the worst: “Yesterday we detected and contained a compr

CSO Online
MEDIUMMalware

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services

Infosecurity Magazine
HIGHData Breach

Verizon: Healthcare Sector Facing Sustained, Multi-vector Attacks

Verizon has published its 2026 Data Breach Investigations Report, which shows that the healthcare sector continues to be targeted by […] The post Verizon: Healthcare Sector Facing Sustained, Multi-vector Attacks appeared first on The HIPAA Journal .

HIPAA Journal