Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
May 24, 2016

Beware the JavaScript - Malicious Email Campaigns With .js Attachments Explode

Proofpoint Staff

Proofpoint researchers have been tracking what appears to be the "next big thing" in email malware distribution - JavaScript attachments by the hundreds of millions.

May 12, 2016

Hancitor and Ruckguv Reappear, Updated and With Vawtrak On Deck

Axel F, Matthew Mesa

Proofpoint researchers analyze two updated malware downloaders that have reappeared after several months hiatus and profile one threat actor experimenting with various loaders to distribute Vawtrak.

May 10, 2016

Setting Sights On Retail: AbaddonPOS Now Targeting Specific POS Software

Matthew Mesa, Darien Huss

Proofpoint researchers track an updated point-of-sale malware called AbaddonPOS and loader being distributed in targeted, personalized emails to US retailers.

May 09, 2016

CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool

Proofpoint Staff

Proofpoint researchers have been tracking Version 2.00x of the CryptXXX ransomware. The latest iteration, version 2.006, breaks the freely available decryption tool for CryptXXX.

May 05, 2016

Exploit Kit Déjà Vu: Massive Email Campaigns Spreading Dridex Via Angler

Matthew Mesa

Proofpoint researchers observed massive email campaigns with a twist - malicious URLs in the emails lead to purpose-built pages on compromised websites that in turn use Angler to drop Dridex on vulnerable PCs.

April 27, 2016

Ransomware Explosion Continues: CryptFlle2, BrLock and MM Locker Discovered

Axel F, Proofpoint Staff

Proofpoint researchers continue to see the regular and rapid emergence of new ransomware strains and variants, validating trends observed since the end of 2015.

April 25, 2016

Quarterly Threat Summary: Dridex, ransomware, and BEC phishing hog the spotlight

Proofpoint Staff

Proofpoint threat researchers publish their analysis of the top threats and trends of the first three months of 2016.

April 20, 2016

Panda Banker: New Banking Trojan Hits the Market

Axel F

Proofpoint researchers have been tracking a new banking Trojan since March that has already been used in both targeted and widespread attacks.

April 18, 2016

CryptXXX: New Ransomware From the Actors Behind Reveton, Dropping Via Angler


Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). Combining our findings with intelligence shared by Frank Ruiz (Fox IT InTELL) lead us to the same conclusion: this project is conducted by the same group that was driving Reveton ransomware operations and is closely tied to Angler/Bedep. 

April 07, 2016

Killing a Zero-Day in the Egg: Adobe CVE-2016-1019


Proofpoint security researchers discover a new exploit in the Magnitude EK that leads to a previously unreported vulnerability in Adobe Flash.


Stay Connected