Madi Trojan Campaign Uses Social Engineering to Target Energy and Government Sectors
Symantec Security Response has identified Madi, a Trojan used in targeted social engineering campaigns observed since December 2011. The attacks relied on phishing emails carrying malicious PowerPoint attachments that prompted victims to manually execute an embedded file. Once installed, Trojan.Madi enabled information theft, including keylogging, and supported self-updating capabilities. The malware communicated with command-and-control servers hosted primarily in Iran and later Azerbaijan. Targets spanned multiple sectors, including oil and energy companies, government agencies, a foreign consulate, and US-based think tanks. While victims were concentrated in Middle Eastern countries such as Iran, Israel, and Saudi Arabia, infections were also observed globally, from the United States to New Zealand. The campaign relied entirely on social engineering rather than exploits or zero-day vulnerabilities.