Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
July 28, 2016

Massive AdGholas Malvertising Campaigns Use Steganography and File Whitelisting to Hide in Plain Sight


Proofpoint and Trend Micro researchers collaborated to detect and analyze a sophisticated, previously undocumented malvertising campaign that exposed millions of users every day to attacks that employed steganography and multi-layered filtering.

July 26, 2016

Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan

Proofpoint researchers discovered a new delivery mechanism for malware: PayPal money request messages with both a link to Chthonic and a socially engineered request for $100.

July 14, 2016

Spam, Now With a Side of CryptXXX Ransomware!

Proofpoint Staff

For the first time since Proofpoint researchers discovered CryptXXX, the ransomware is being distributed via malicious documents attached to email messages.

July 07, 2016

DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found

Proofpoint Staff

Proofpoint researchers discover a cloned Pokemon GO Android APK backdoored with the malicious remote access tool (RAT) DroidJack.

July 07, 2016

NetTraveler APT Targets Russian, European Interests

Axel F

Proofpoint researchers track an advanced persistent threat as Chinese actors target Russian and European military and diplomatic interests.

June 29, 2016

Banking Trojans go loonie for toonies: Dridex, Vawtrak and others increase focus on Canada

Proofpoint Staff

Proofpoint researchers describe the malware involved in a recent uptick in banking Trojans targeting Canadian interests.

June 24, 2016

Doh! New "Bart" Ransomware from Threat Actors Spreading Dridex and Locky

Proofpoint Staff

Proofpoint researchers identified a new ransomware called "Bart" from actors who have been spreading Dridex and Locky.

June 22, 2016

Necurs Botnet Returns With Updated Locky Ransomware In Tow

Proofpoint Staff

Proofpoint researchers dissect the payload from the first large Locky ransomware campaign in over 3 weeks.

June 16, 2016

Is Angler EK Sleeping with the Fishes? Neutrino exploit kit now distributing most CryptXXX

Proofpoint Staff

Proofpoint researchers have been tracking the relatively sudden shutdown of several elements of the advanced threat ecosystem, including the Angler exploit kit, which now appears to extend well beyond the disruption of the Necurs botnet we covered last week.

