Researchers at Cisco spotted targeted attacks moving remote access Trojans via the AutoIt administration and scripting tool.