Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
April 20, 2016

Panda Banker: New Banking Trojan Hits the Market

Axel F

Proofpoint researchers have been tracking a new banking Trojan since March that has already been used in both targeted and widespread attacks.

April 18, 2016

CryptXXX: New Ransomware From the Actors Behind Reveton, Dropping Via Angler


Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). Combining our findings with intelligence shared by Frank Ruiz (Fox IT InTELL) lead us to the same conclusion: this project is conducted by the same group that was driving Reveton ransomware operations and is closely tied to Angler/Bedep. 

April 07, 2016

Killing a Zero-Day in the Egg: Adobe CVE-2016-1019


Proofpoint security researchers discover a new exploit in the Magnitude EK that leads to a previously unreported vulnerability in Adobe Flash.

April 05, 2016

Phish Scales: Malicious Actor Combines Personalized Email, Variety of Malware To Target Execs

Matthew Mesa

Targeted and personalized emails combined with a variety of malware represent a new and sophisticated approach from a particular actor we’ve been tracking this year.

March 30, 2016

.om Is Not .com – Attackers Increasing Use of Typosquatting

Christopher Dawson

So-called "typosquatters" aren't just getting savvier - they have a whole new world of top-level domains to use to trick businesses and consumers into giving up their personal information.

March 18, 2016

Video Malvertising Bringing New Risks to High-Profile Sites

Proofpoint Staff

On March 13, 2016, Proofpoint researchers observed a large malvertising campaign hitting many highly-ranked websites including and many others. We also surmised (and later confirmed) that there was a video malvertising involved in this campaign. While such campaigns aren't new, this appears to be the first such documented campaign leading to an exploit kit.

March 17, 2016

Gone Tax Phishing ’til April 18th

Proofpoint Staff

Obfuscation, sophisticated lures, and well-written phishing kits combine to make this a risky tax season for unsuspecting filers.

March 14, 2016

Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US

Aleksey F, Darien Huss, Chris Wakelin, Chris I, and Proofpoint Staff

The Carbanak gang appears to be back, and Proofpoint researchers analyze the early stages of a campaign that could steal another billion dollars.

March 10, 2016

Death Comes Calling: Thanatos/Alphabot Trojan Hits the Market

Proofpoint Staff

Proofpoint researchers have identified a new Trojan with robust functionality from authors who also appear to be prepared to offer a complete ecosystem of tools for malicious actors.


Stay Connected