Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
July 14, 2016

Spam, Now With a Side of CryptXXX Ransomware!

Proofpoint Staff

For the first time since Proofpoint researchers discovered CryptXXX, the ransomware is being distributed via malicious documents attached to email messages.

July 07, 2016

DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found

Proofpoint Staff

Proofpoint researchers discover a cloned Pokemon GO Android APK backdoored with the malicious remote access tool (RAT) DroidJack.

July 07, 2016

NetTraveler APT Targets Russian, European Interests

Axel F

Proofpoint researchers track an advanced persistent threat as Chinese actors target Russian and European military and diplomatic interests.

June 29, 2016

Banking Trojans go loonie for toonies: Dridex, Vawtrak and others increase focus on Canada

Proofpoint Staff

Proofpoint researchers describe the malware involved in a recent uptick in banking Trojans targeting Canadian interests.

June 24, 2016

Doh! New "Bart" Ransomware from Threat Actors Spreading Dridex and Locky

Proofpoint Staff

Proofpoint researchers identified a new ransomware called "Bart" from actors who have been spreading Dridex and Locky.

June 22, 2016

Necurs Botnet Returns With Updated Locky Ransomware In Tow

Proofpoint Staff

Proofpoint researchers dissect the payload from the first large Locky ransomware campaign in over 3 weeks.

June 16, 2016

Is Angler EK Sleeping with the Fishes? Neutrino exploit kit now distributing most CryptXXX

Proofpoint Staff

Proofpoint researchers have been tracking the relatively sudden shutdown of several elements of the advanced threat ecosystem, including the Angler exploit kit, which now appears to extend well beyond the disruption of the Necurs botnet we covered last week.

June 09, 2016

It's Quiet...Too Quiet: Necurs Botnet Outage Crimps Dridex and Locky Distribution

Proofpoint Staff

Proofpoint researchers take a look at the effects of an apparent outage in the massive Necurs botnet on two of the biggest names in malware: Dridex and Locky.

June 02, 2016

Malicious Macros Add Sandbox Evasion Techniques to Distribute New Dridex

Proofpoint Staff

Proofpoint researchers track new campaigns from a familiar actor using evasive macros and distributing a new Dridex sub-botnet targeting Swiss banking institutions.

