Proofpoint researchers analyze two updated malware downloaders that have reappeared after a hiatus of several months and profile one threat actor experimenting with various loaders to distribute Vawtrak.
Proofpoint researchers track an updated point-of-sale malware called AbaddonPOS and loader being distributed in targeted, personalized emails to US retailers.
Proofpoint researchers have been tracking Version 2.00x of the CryptXXX ransomware. The latest iteration, version 2.006, breaks the freely available decryption tool for CryptXXX.
Proofpoint researchers observed massive email campaigns with a twist - malicious URLs in the emails lead to purpose-built pages on compromised websites that in turn use Angler to drop Dridex on vulnerable PCs.
Proofpoint researchers continue to see the regular and rapid emergence of new ransomware strains and variants, validating trends observed since the end of 2015.
Proofpoint threat researchers publish their analysis of the top threats and trends of the first three months of 2016.
Proofpoint researchers have been tracking a new banking Trojan since March that has already been used in both targeted and widespread attacks.
Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). Combining our findings with intelligence shared by Frank Ruiz (Fox IT InTELL) led us to the same conclusion: this project is conducted by the same group that was driving Reveton ransomware operations and is closely tied to Angler/Bedep.