
Threat Hub

The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

Weekly Brief

ZenRAT sneaks into fake installer packages. And the anatomy of a QR code phishing attack.

This week on The Threat Hub: Our researchers have recently identified a new piece of malware, dubbed ZenRAT, that is being distributed via fake software installation packages. The malware is hidden inside an installer for the password manager Bitwarden and targets Windows users. Potential victims using another operating system are directed to a benign webpage masquerading as an article from the website opensource.com. ZenRAT is a modular remote access Trojan (RAT) with information-stealing capabilities. Check out the blog post for a detailed technical analysis of the malware and a list of IoCs.

Also on the blog this week, the latest in our ongoing series: Cybersecurity Stop of the Month. This time we break down a novel phishing scheme using QR codes. In the attack, rather than providing a URL, the phishing lure contains a QR code for the recipient to scan with their phone. Once scanned, the code leads to a fake SharePoint login that collects credentials. QR codes present several new security challenges. The attack moves from email to the user’s mobile device, which may be less well protected, while the absence of URLs in the message body makes malicious links harder to detect.

And on this week’s Five-Minute Forecast, details emerge of a massive email breach at the State Department, Bing’s AI chatbot is caught up in malvertising, and senior threat intelligence analyst Selena Larson discusses romance scams and malware.

Insights Chart of the Week
Brand abuse, Q3 2023
Brand Abuse Targets

In the third quarter of this year, Microsoft products and services remained the most popular targets for brand abuse, with DHL and Adobe new entries in the top five. In 2022, four of the five brands belonged to Microsoft, with Amazon the only exception.

Equip your team with threat intelligence

Threat Insight
APT Attacker Sends Mac Malware

Iran-aligned threat actor TA453 has expanded its repertoire, distributing malware targeting Apple devices.

Blog Post
Conversational Threats Surge on Mobile

Pig butchering and similar conversational attacks were the fastest growing mobile threats of 2022.

Threat Insight
Exploring the Post-Macro Landscape

Our researchers unpack all the changes from a year of rapid evolution in malware delivery techniques.

Go Deeper with Proofpoint Threat Intelligence Services

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

REPORTS
Threat Report
The Human Factor - Vol. 1: Social Engineering

Cyberattackers target people. They exploit people. Ultimately, they are people. That’s why the Human Factor report focuses on how technology and psychology combine to make people so susceptible to modern cyber threats. In this first volume, we take a closer look at attacks that rely on social engineering, including business email compromise (BEC) threats, email fraud and phishing.

REPORTS
Threat Report
2024 State of the Phish – Today’s Cyber Threats and Phishing Protection

Find out how vulnerable your users are to today’s biggest cyber threats in the 2024 State of the Phish report. Learn phishing trends, key insights, statistics, and more.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.
