Cyberwire Network Announcer
You're listening to the Cyberwire Network, powered by N2K.
Dave Bittner
Looking to understand the cybersecurity risks emerging beyond Earth's atmosphere? In the weekly Signals in Space newsletter, T-Minus host Maria Varmazis and producer Ethan Cook connect the dots between terrestrial infrastructure and the growing attack surface in space. Each week you'll get the latest space cyber headlines, direct access to the week's T-Minus podcast conversation, plus expert insights and resources to help security professionals better understand this rapidly evolving domain. Space systems are becoming critical infrastructure. Signals in Space helps you stay ahead of the threats shaping the next frontier. Subscribe now to the Signals in Space newsletter.
Duracell Advertiser
Are all batteries the same? That's like asking if all soccer players are the same. Take Messi, the most decorated player ever. Is there any other player who has achieved that? No, just him. Now take Duracell. Is there any other battery with power boost ingredients inside? No, just Duracell. Remember, goats only trust goats because they're built different and Messi only trusts Duracell.
Dave Bittner
Hello, everyone, and welcome to the CyberWire's Research Saturday. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities, solving some of the hard problems, and protecting ourselves in a rapidly evolving cyberspace. Thanks for joining us.
Tom Kellermann
We've been following some of the significant Brazilian cybercrime cartels for a while, and Shadow Water 063 is one of them. And as a result, we recognized this as a very elegant payload which had the capacity to bypass bank security mechanisms as well as payment system mechanisms.
Dave Bittner
That's Tom Kellermann, VP of AI Security and Threat Research at Trend Micro. The research we're discussing today is titled "Inside Shadow Water 063's Banana RAT: From Build Server to Banking Fraud."
Now, one of the things that caught my eye in this research: you know, most incident responders will see one side of an attack, but in this case, you all recovered both the attacker infrastructure and the victim side of the malware. Is it unusual to have that breadth of view into something like this?
Tom Kellermann
Not any longer. In the last few years, we've invested heavily in our MDR and IR practice, which is global in nature as well. And so that complements our threat research community within Trend AI, where we can cover both sides of the spectrum. And that's one reason why we are partners with Interpol through the fusion center in Singapore.
Dave Bittner
Gotcha. Well, before we dig into some of the technical elements here, describe for us what exactly Banana RAT is and what they're up to.
Tom Kellermann
Well, what I found fascinating about Shadow Water's payload here is that, you know, essentially they targeted 16 Brazilian financial institutions and crypto exchanges with this. The lure came through WhatsApp. It would download a malicious batch file. It was polymorphic in nature, staged in delivery, in memory, and they had encrypted command and control. The malware used layered obfuscation techniques like AES-wrapped payloads and fileless PowerShell. And it bypassed most EDR and MDR capabilities of some of the banks that were using our technologies.
Most importantly, though, I'd say this: the RAT allowed for full remote fraud and surveillance of the victim. So real-time screen streaming, bank-aware overlay injection, QR and Pix transaction manipulation, continuous logging to enable interactive credential theft, as well as proximity settings to pick up ambient noise.
And from a financial sector perspective, it underscores what I learned years ago when I was at the World Bank, which is that the Brazilian cybercrime cartels are highly sophisticated because of a historical reason which I find interesting, and I think it might be important for your audience to hear this. Brazil and Argentina went through hyperinflation back in the 80s and 90s, and as a result they moved to the American dollar, and the World Bank and IMF then began connecting those banks in Brazil, like Bradesco and Itaú, to the Internet first. And so they were first movers in electronic finance. And as a result, Brazilian organized crime got into hacking because money was digital far earlier than in many of the other Latin American countries' organized crime populations.
Dave Bittner
No, that's a really interesting insight. I was not aware of that detail. Let's dig into the attack itself. How does a victim first encounter this malware, and what happens?
Tom Kellermann
So essentially they would receive a phishing URL via WhatsApp or through traditional email, and immediately the malware would operationalize through a payload generation and staged delivery in memory. And what they would see would basically be a brand of the bank that they're using on their screen. That said there was a security update that was needed in order to certify their device and that their banking transactions would be secure. And once they essentially clicked on that, they had full and complete control.
Dave Bittner
Can you describe for us what is the breadth of the control that they have here?
Tom Kellermann
What were the capabilities? Like I was describing, they have a banking-aware overlay injection. They can real-time screen stream everything that's being shown and visualized by the operator. They had QR and Pix transaction manipulation capabilities and advanced keylogging.
Tom Kellermann
I would say that of all the major cybercrime cartels hunting the financial sector, this is one of the better ones, definitely in the top five, I'd say, in the world, this Shadow Water 063 group. The best ones, though, are definitely Russians. And we really should underscore that the majority of successful attacks against financial institutions are leveraged by a cadre of Russian cybercrime cartels like Void Rabisu, Laundry Bear, Evil Corp and Void Balaur.
Dave Bittner
Well, let's talk about the server-side tooling here. What did you all discover about the attacker's infrastructure?
Tom Kellermann
Well, I thought it was interesting that their malicious C2 infrastructure is still active and publicly accessible over port 80, exposing a number of endpoints used for payload staging. And it was very much symbolic of the fact that this is a Brazilian cartel in nature. And I would say that, once again, I've never seen such a sophisticated attack leveraged by these groups before, because of the way that they obfuscated through memory injection, as well as that they used different forms of encryption to essentially overlay and ensure that they had obfuscated payloads that were wrapped.
Dave Bittner
You describe a polymorphic build system. Can you describe for our listeners what that means?
Tom Kellermann
Yeah, the stages of attack were built literally from reconnaissance, the delivery, to lateral movement. Not just in the obfuscation stages of lateral movement, but also in terms of bypassing traditional EDR technologies. And so we were very impressed. But I am concerned now because of the scourge of banking fraud that's occurring across South America and how that's increasing in nature, where you're seeing connective tissue between Brazilian cybercrime cartels and Russian cybercrime cartels. And there's more and more collaboration and cooperation going on than ever seen before between these groups, which we didn't include in this report. We will be covering some of that in a Modern Bank Heists report that we'll be putting out later on this summer.
Dave Bittner
So I guess, I mean, obviously generating a unique payload for every victim really complicates detection efforts.
Tom Kellermann
It definitely does. And they've learned from the defensive countermeasures put in place by the financial institutions. And I also thought it was intriguing that they were using WhatsApp as a delivery mechanism. I would say in the long run, what can be done best here is that we really need to advance the nature of continuous threat hunting within banking infrastructure, and that the large-scale payment systems of the world, especially in Brazil, need to pay much closer attention to how they're defending themselves from within with AI, and the utility of AI by adversaries in today's world. It just allows them to automate and orchestrate campaigns in real time in a continuous fashion, as you well know. And so everyone should just kind of view AI as a dormant C2, a dormant command and control. If you're not securing your AI infrastructure, you should just assume that it's going to be compromised and used against you at some point.
Dave Bittner
Now, you describe the analytics dashboard that the attackers were using here. What did that reveal about how these operators were managing their campaigns?
Tom Kellermann
Well, in a very distributed fashion, frankly. And what became most concerning to me was the nature in which they continue to conduct secondary infections, which is going to be coming out in a secondary report. It really reminded me of the mechanisms and tactics used by Laundry Bear, if you're familiar, or Evil Corp back in the day.
Dave Bittner
Well, so I think a lot of folks think of malware as being automated. How much was this campaign automated, or how much was driven by a remote human operator in real time?
Tom Kellermann
I think it was a blend of both. But what's concerning to me now is you're seeing the jailbreaking of LLMs to abuse them and misuse them is becoming more pernicious. And one thing that we're going to be revealing studies on soon is the fact that steganography is making a comeback in some of these communities. You're well aware of what steganography is, but the invisible prompt injections that can allow for steganography to be leveraged through, essentially, photos or video files is becoming more and more pernicious, and it really doesn't allow for that secondary C2 to be on a sleep cycle.
I think going forward, as a community, we need to start paying attention to two things, one of which is AI should always be considered essentially a C2, unless you're actively securing it. And then, most importantly, that steganography and secondary forms of command and control that are on sleep cycles are the future, much like we saw in the past from an espionage level of attacks, whether it was APT29 or Turla, who pioneered the use of steganography decades ago. I think that's becoming mainstream, and I'd love to hear more from you. Have you actually interviewed anyone recently to discuss stego, or the use of stego, or how AI-enabled stego is becoming problematic? Because I would love to hear from them and their research as well.
Dave Bittner
Yeah, you know, I haven't spoken to anyone specifically recently about steganography, really, since we leapt into this new AI world. What I was thinking of as you were describing it was actually a story earlier this week about some folks who were hiding their command and control in ASCII art, of all things.
Tom Kellermann
That's brilliant.
Dave Bittner
Yeah, right.
Tom Kellermann
If I may, that's sexy. That's what I'm talking about.
Dave Bittner
It's kind of retro, right?
Tom Kellermann
It's retro, but it works. No, it's definitely quite interesting. And the banks in general are also being challenged by the fact that authorization and two-factor authentication are being bypassed by deepfake technology. In the upcoming Modern Bank Heists study that we're going to be releasing in August, we're really looking at trends of deeper forms of e-fraud that haven't really been appreciated before. As you and I both know, the most valuable information in a financial institution isn't necessarily the wire transfer fraud, it's the non-public market information. So we're trying to get our heads around whether or not you're seeing a trend of digital front-running attacks that are meant to steal material non-public market information or even manipulate that information. One thing that was discovered years ago that a number of us in the financial sector noticed, which I think is going to become more pronounced this year, is the construct of shorting. Shorting is when you literally hack a financial institution, you maintain persistence in those systems, you basically then short their stock, and then you dox their non-public material market information to the regulators about a week later and then to the press.
Dave Bittner
We'll be right back.
Google Chrome Advertiser
This episode is brought to you by Google Chrome. You think you know a browser, but Gemini in Chrome, that's new. It can help you with practically anything on the web, like restoring a vintage motorcycle from a 50-page restoration blog. Or finally break down that long article you've had open for weeks. Gemini in Chrome is here for it, ready to make anything online make sense. There's no place like Chrome. Check responses. Setup required. Compatibility and availability vary. 18+.
Canva Advertiser
When you finally find your thing, you want the whole world to know about that thing. So you use a thing called Canva to make it an even bigger and better thing. Whether you want to create flyers for that thing, make presentations for that thing, or design merch for that thing, you can do anything so people can see your thing, feel your thing, love your thing. The next thing you know, it's a thing. Canva, the thing that makes anything a thing.
Tom Kellermann
So you're shorting and doxing, I think, different forms of market manipulation. Because of these advanced forms of persistence, as illustrated by Banana RAT and others, this type of RAT could be used for a multitude of things that go far beyond just wire transfer fraud. And that's what's concerning here. I think the lesson learned here is that, A, please don't underestimate the cybercrime cartels of Latin America, particularly the Brazilian ones, and B, what else can be done with that level of persistence from a financial fraud perspective, a market manipulation perspective, even an island hopping, as I would call it, perspective, where the institution's own infrastructure is now being used to attack their customers and constituency.
And that has already been realized in Brazil previously, where one of their major payment systems was compromised by a group that I'm not going to name here on this interview. And that payment system was then in turn used to attack customers and institutions throughout Brazil. That's how significant this type of community is. And when you start thinking about the access brokerage market, right, the access miners of the world, sharing, selling and manipulating that access to people who do understand the financial sector and the interdependencies therein, that becomes quite interesting as well. So I hope to be able to speak to you when my report comes out. But we're doing a deep dive of both interviews with 50 CISOs in the financial sector, but also our own threat research, to understand exactly what's going on. And our threat research is going to focus on what we consider to be the top-tier cybercrime cartels. But also, more importantly, much like we're discussing today, the forms of persistence that have evolved because of AI, much like, you know, Banana RAT and stego, as we discussed.
Dave Bittner
Well, Tom, just so I'm clear here, where do you place Brazil in terms of being on the leading edge of these sorts of threats? In other words, you mentioned how Brazil, by necessity, due to their inflation situation, was ahead of the game compared to most of the world. Is that true today? Are they a canary in the coal mine, if you will?
Tom Kellermann
So, great question, and I forgot one part of that story that I should have shared. When the country moved to the dollar and also migrated to electronic finance, first in Latin America because of the World Bank and IMF, they also gave out laptops to all the children in schools. Laptops they couldn't take home, but laptops that they could use at schools. So they're dealing with hyperinflation, right? They got e-finance. All these kids are learning computer science in schools much quicker than their neighboring countries. And so you basically created a population that had skills but didn't have any gainful opportunities and legitimate jobs to go to. So that's when the burgeoning cybercrime economy of Brazil began, back in the early 2000s. So I would put this group, specifically this group, as like the number six, I would say, of the cybercrime cartels that are specifically targeting the financial sector. Again, I just want to be specific for the financial sector. The other top players are Void Rabisu, Laundry Bear, Void Balaur and Evil Corp, all of which are Russian, and they've always been the best. But don't count the Brazilians out. We're doing a lot of research there, since we're the largest security vendor in Latin America. And we're really trying to tie that knot to really look at the entire cognitive attack loop, as I'll call it, from MDR through IR through threat intelligence, to see both ends of the attack. And that's why I'm privileged to be able to speak to you today.
But I would demand more from all of us in the community to start looking for that C2 on a sleep cycle. And remember that these types of RATs, they could just be a harbinger of what's to come.
Dave Bittner
Hmm. The report spends a good amount of time discussing Pix QR code interception. I think that might be a new term for folks outside of Brazil. Can you explain to us what Pix is and why it was an important element here?
Tom Kellermann
Pix, for them, is a way of conducting transactions through their wire transfer payment systems. And so it is important, if you attempt to actually infiltrate their wire transfer systems in Brazil. I think much more needs to be done by SWIFT and other entities that govern the security standards of wire transfer systems around the world in improving their level of security and understanding these types of threat dynamics. I am hoping that at the FS-ISAC conference that's coming up in October, is it in Austin, that much more attention is being paid to some of these nuanced issues. Again, this highlights the knowledge that this group, this crew, this cybercrime cartel, Shadow Water 063, already has of the interdependencies in the financial sector. And you can't assume your adversaries don't really understand your business. You have to presume that security through obscurity is over. And I think AI enhances the level of reconnaissance and capabilities of even miscreants that are ignorant of the industry, so that they can easily, easily get sped up on any form of business and any form of transaction patterns.
Dave Bittner
Well, let's talk about Shadow Water 063. What was the evidence that led you to associate that operation with Brazilian Portuguese-speaking operators?
Tom Kellermann
Social engineering scripts, a near-verbatim match for the language used by different campaigns that we've seen leveraged by these groups. The command and control infrastructure itself, the knowledge that they had of the Brazilian financial sector, the specific campaign domain that they use, 2026, and just some of the TTPs, as illustrated, that they had used before. I mean, there are only a handful of groups in Brazil that are operating at this level, I would say, in Latin America. The other significant cybercrime crews are more than likely, you know, based in Colombia and Mexico. Sometimes it's hard to tell because of the Spanish-speaking community, but I think it's easier with the Portuguese community to understand where they're coming from.
Dave Bittner
Yeah, well, I mean, I think at the end of the day, ultimately the folks out there who are doing the blocking and tackling want to know, how do I defend against this? That's most important for them to do their job. But then I think secondarily to that, or perhaps lateral to that, is the inner workings of it, so that they can better understand it and then apply that knowledge more broadly as perspective, as insight into the greater ecosystem of what's going on, to try to inform their larger, broader defense. Does that make sense?
Tom Kellermann
Yeah, I'd say from a larger, broader defense, based on all of the myriad of actors that we've been studying here at Trend AI, there's really five things that are necessary in 2026. They're quintessentially important. One is, I'd say, you've got to baseline detections for AI tells, like emoji and binary strings or foreign slang in English content. You really need to embrace virtual patching now, because there's no way you're going to be able to wait for all the patches to come out, given the velocity and the surge of zero-days out there. I think attack path mapping needs to be conducted regularly internally. But also, when you view your attack paths, you should be looking at your attack paths in a bidirectional flow. Right? If an adversary had a footprint or hold within your system, how could they leverage your infrastructure to attack your constituency? Because that is the worst-case scenario. And most of these cybercrime cartels, that's exactly what their goal is. It's one thing to break into your house, but if I can break into your house and then hit all your neighbors' houses, like that show, what's it called, Friends and Neighbors, it'll work perfectly. Joking, but not joking.
You've got to threat hunt continuously. Can you use AI to enhance threat hunting for a myriad of behavioral anomalies in the infrastructure? I mean, just assume compromise. And then lastly, kind of treat all AI agents as a C2 channel until you've learned how to create a governance structure that's adequate, until you can put some guardrails on it. I would say those are my top five takeaways for the landscape that we're in now.
But in the end, we have an entire site, trendaisecurity.com; we have an entire section on our site with updated intelligence reports, with the telemetry of the latest attacks and best practices to defend, even if you're not a customer of ours, where you can essentially go view, download, or however you want to scrape it on a daily basis. I literally, I think we have at least 15 to 18 different studies coming out on a weekly basis on different threat actor groups and unique new campaigns, aside from, you know, the thousands of payloads and vulnerabilities that are released every day. So consider us, you know, a good Samaritan here, and we're trying to give back. So that's why I'm grateful to speak to you.
Dave Bittner
Yeah, for sure. Well, looking specifically at this campaign, what's your advice to defenders to disrupt an operation like this?
Tom Kellermann
Wow. I mean, at this point the telemetry is already out there, and the IOCs associated with this RAT. Update your capabilities to defend against this group. Presume WhatsApp communications are compromised. I would really recommend people move off of WhatsApp in general, begin to filter in a better fashion, conduct more threat hunting if you presume you might have been compromised. If you're operating in Brazil as a major corporation or have a subsidiary there, expect groups like this to target you with this type of unique payload and/or RAT infrastructure. Do a much better job in your business as it relates to reverse business email compromise: not business email compromise, not traditional BEC, but RBEC, where you actually might be compromised from within the account of the person who has the authority to transfer funds within your organization, the CFO or deputy CFO or whomever that person is whose account is already compromised. You should have secondary forms of out-of-band verification for that.
When it comes to stego, and I think where stego is going, because I do think, even though it's not being used in this attack, it is a harbinger of how stego is going to be used quickly in new forms of RATs: invisible prompt injection. So do you have the capacity to essentially prevent prompt injection at the network level, and can you ascertain whether or not that's occurred? From a two-factor authentication perspective and just an authorization perspective, do you have the capacity to have deepfake identification via computer vision algorithms? Because that's where this is also going next, as we see it in today's world. And do you have query generation assistance for your XDR or whatever platform or SIEM that you're using, to help your security analysts move faster, react faster? Because it really bothers me, as a former threat hunter and security analyst for the World Bank back in the day, when it happens, especially with the world of AI where it's faster and more powerful, do you really have the time to figure out what prompt you should be using to understand the TTPs and IOCs in real time? Wouldn't it be great if you had AI assisting you in conducting that investigation and/or that front? And then I would really stress this, and however it sounds, it sounds: make sure that whoever you're doing business with truly has global threat intelligence. You can't live on an island out here. The world is global. The greatest threat actors in cyber are overseas. They are hunting entire industries. They specialize in specific industries, and threats to one industry can spread through that industry in systemic fashion, as we will depict and describe in the Modern Bank Heists report.
Dave Bittner
Our thanks to Tom Kellermann from Trend Micro for joining us. The research is titled "Inside Shadow Water 063's Banana RAT: From Build Server to Banking Fraud." We'll have a link in the show notes. And that's Research Saturday, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. This episode was produced by Liz Stokes. We're mixed by Elliott Peltzman and Trey Hester. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next time.
Ryan Reynolds (Mint Mobile Advertiser)
Ryan Reynolds here from Mint Mobile. I don't know if you knew this, but anyone can get the same Premium Wireless for $15 a month plan that I've been enjoying. It's not just for celebrities. So do like I did and have one of your assistants switch you to Mint Mobile today. I'm told it's super easy to do at mintmobile.com.
Mint Mobile Announcer
Upfront payment of $45 for a 3-month plan (equivalent to $15 per month) required. Intro rate for first 3 months only, then full-price plan options available. Taxes and fees extra. Full terms at mintmobile.com.
This episode delves into Trend Micro's in-depth research on the "Banana RAT" campaign from the Brazilian cybercrime cartel Shadow Water 063. Host Dave Bittner interviews Tom Kellermann (VP of AI Security and Threat Research at Trend Micro) to explore the technical elements, criminal sophistication, and broader financial sector implications. The discussion ranges from initial infection vectors and advanced capabilities of Banana RAT to wider trends in banking fraud, the intersection of Brazilian and Russian cybercrime, and practical defense recommendations for today's evolving threat landscape.
On the Evolution of Brazilian Cybercrime:
"You basically created a population that had skills but didn't have any gainful opportunities and legitimate jobs to go to. So that's when the burgeoning cybercrime economy of Brazil began, back in the early 2000s." (Tom Kellermann [17:16])
On Steganography:
"But the invisible prompt injections that can allow for steganography to be leveraged through, essentially, photos or video files is becoming more and more pernicious..." (Tom Kellermann [10:42])
"That's brilliant." (Tom Kellermann, on C2 hidden in ASCII art [12:07])
"If I may, that's sexy. That's what I'm talking about." (Tom Kellermann [12:10])
On AI’s Threat & Defense Role:
"We really need to advance the nature of continuous threat hunting within banking infrastructure and [...] the utility of AI by adversaries in today's world. It just allows them to automate and orchestrate campaigns in real time in a continuous fashion..." (Tom Kellermann [09:00])
On Industry Responsibility:
"You can't assume your adversaries don't really understand your business. You have to presume that security through obscurity is over." (Tom Kellermann [19:53])
This episode offers a nuanced view into modern financial cybercrime with a unique geographic and technical focus. It highlights Brazil as a proving ground for advanced financial fraud, exposes the multifaceted tools and tradecraft used by cybercriminals, and equips defenders with both tactical and strategic advice fit for the AI-driven threat environment of 2026.
For further reading: See "Inside Shadow Water 063's Banana RAT: From Build Server to Banking Fraud" on Trend Micro's site.
Recommended action: Review your organization’s controls against the five-point checklist, and monitor for emerging polymorphic and steganographic threats in your environment.