Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
October 09, 2015

Dyre Malware Campaigners Innovate with Distribution Techniques

Proofpoint Staff

This week, Proofpoint researchers observed the now infamous “man-in-the-browser” (MITB) banking malware Dyre experimenting with new ways to deliver spam attachments. These innovations included two significant changes in Dyre behavior:

October 07, 2015

While Dridex is away, CryptoWall and Vawtrak play

Proofpoint Staff

Proofpoint data shows which malware benefited from the recent pause in Dridex campaigns.

October 01, 2015

In the Shadows: Vawtrak Aims to Get Stealthier by adding New Data Cloaking

Darien Huss and Matthew Mesa

In what is likely to be a short-lived cessation in Dridex campaigns while the criminal proponents behind that malware scramble to find a new delivery channel, it appears as though other malware purveyors may be positioning themselves to take additional market share of the lucrative crimeware aren

September 28, 2015

Dyreza Campaigners Set Sights on the Fulfillment and Warehousing Industry

Proofpoint Staff

Within the last week, the now infamous “man-in-the-browser” (MITB) banking malware Dyreza appears to have significantly expanded its target set of entities from which to steal credentials.

September 24, 2015

Meet GreenDispenser: A New Breed of ATM Malware

Thoufique Haq

On the heels of recent disclosures of ATM malware such as Suceful, Ploutus and Padpin (aka Tyupkin), Proofpoint research has discovered yet another variant of ATM malware.

September 18, 2015

Operation Arid Viper Slithers Back into View

Proofpoint Staff

Earlier this year, researchers published analyses of a targeted attack known as Operation Arid Viper (aka Desert Falcons, aka DHS) directed primarily at organizations in the Middle East.

September 15, 2015

In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia

Thoufique Haq & Aleksey F

Proofpoint researchers recently observed a campaign targeting telecom and military in Russia. Beginning in July 2015 (and possibly earlier), the attack continued into August and is currently ongoing.

September 04, 2015

Too Many Crooks in the Kitchen

Proofpoint Staff

What happens when threat actors overload an exploit kit? Proofpoint researchers open the door of a malware clown car.

August 27, 2015

Hunter Exploit Kit Targets Brazilian Banking Customers

Proofpoint Staff

Proofpoint threat researchers analyze a new exploit kit priced to bring flexible malware delivery to cost-conscious cybercriminals.

August 14, 2015

You Dirty RAT: Analyzing an AlienSpy Payload

Thoufique Haq

The media recently reported [1] on a potential targeted cyberattack on Alberto Nisman, an Argentine prosecutor who was found dead under mysterious circumstances.