# Claud Xiao

Blogs by Claud Xiao (sorted by: Recent)

***

## [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux an...](https://origin-researchcenter.paloaltonetworks.com/blog/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/)

Unit 42 researchers discover Xbash, a new malware family tied to the Iron Group targeting Linux and Microsoft Servers

Sep 17, 2018 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao"), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng") and [Xingyu Jin](https://www.paloaltonetworks.com/blog/author/xingyu-jin/?ts=markdown "Posts by Xingyu Jin")

***

## [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [IoT Malware Evolves to Harvest Bots by Exploiting a Zero-day Home Router Vu...](https://origin-researchcenter.paloaltonetworks.com/blog/2018/01/unit42-iot-malware-evolves-harvest-bots-exploiting-zero-day-home-router-vulnerability/)

Unit 42 researchers outline the evolution of Satori, a malware family targeting zero-day vulnerabilities in IoT devices

Jan 11, 2018 By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng"), [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao") and [Yanhui Jia](https://www.paloaltonetworks.com/blog/author/yanhui-jia/?ts=markdown "Posts by Yanhui Jia")

***

## [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [New IoT/Linux Malware Targets DVRs, Forms Botnet](https://origin-researchcenter.paloaltonetworks.com/blog/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/)

Unit 42 researchers have identified a new variant of the IoT/Linux botnet "Tsunami", which we are calling "Amnesia".

Apr 06, 2017 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao"), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng") and [Yanhui Jia](https://www.paloaltonetworks.com/blog/author/yanui-jia/?ts=markdown "Posts by Yanhui Jia")

***

## [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices](https://origin-researchcenter.paloaltonetworks.com/blog/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/)

Over the past two years, we've observed many cases of Microsoft Windows and Apple iOS malware designed to attack mobile devices. This attack vector is increasingly popular with malicious actors as almost ...

Sep 13, 2016 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao")

***

## [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect A...](https://origin-researchcenter.paloaltonetworks.com/blog/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/)

We've discovered a new family of iOS malware that successfully infected non-jailbroken devices we've named "AceDeceiver". What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as ...

Mar 16, 2016 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao")

***

Blogs by Claud Xiao (sorted by: Popular)

***

## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infec...](https://origin-researchcenter.paloaltonetworks.com/blog/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/)

On Thursday we posted the initial analysis report on XcodeGhost malware and then found it had infected 39 iOS apps, potentially impacting hundreds of millions of users. XcodeGhost embedded malicious code into ...

Sep 18, 2015 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao")

***

## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [Cardbuyer: New Smart Android Trojan Defeats Multi-factor Verification and S...](https://origin-researchcenter.paloaltonetworks.com/blog/2014/04/cardbuyer-new-smart-android-trojan/)

On April 21st our WildFire analysis cloud detected a new Android Trojan, which is currently completely undetected in VirusTotal and uses a new combination of tactics to make money for the author. ...

Apr 24, 2014 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu")

***

## [Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [Funtasy Trojan Targets Spanish Android Users with Sneaky SMS Charges](https://origin-researchcenter.paloaltonetworks.com/blog/2014/05/funtasy-trojan-targets-spanish-android-users-sneaky-sms-charges/)

Summary A new Android Trojan, named Funtasy, began targeting Spanish Android users in mid-April. Users have downloaded 18 different variants of Funtasy between 13,500 and 67,000 times from the Google Play store. ...

May 12, 2014 By [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu"), [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao") and [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson")

***

## [Application Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/application-analysis/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [SMS-Based In-App Purchase on Android Is Not Worth The Risk](https://origin-researchcenter.paloaltonetworks.com/blog/2014/07/sms-based-app-purchase-android-worth-risk/)

In-App Purchase (IAP) has become a popular way to sell services and virtual items through mobile applications. In the Android ecosystem, in addition to the official IAP service by Google, there are ...

Jul 15, 2014 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu")

***

## [Threat Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/threat-advisory-analysis/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [Insecure Internal Storage in Android](https://origin-researchcenter.paloaltonetworks.com/blog/2014/08/insecure-internal-storage-android/)

Today, Palo Alto Networks researcher Claud Xiao is delivering a presentation titled "Insecure Internal Storage in Android" at the Hacks in Taiwan Conference (HITCON). Claud is discussing techniques for accessing private data ...

Aug 18, 2014 By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao") and [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson")