Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
April 12, 2018

EITest: Sinkholing the oldest infection chain


Proofpoint researchers detail the evolution of the EITest infection chain and help sinkhole the long-running operation.

April 04, 2018

Bitcoin-related domain registrations rise and fall with the cryptocurrency’s value

Proofpoint Staff

Proofpoint researchers detail how actors are creating Bitcoin-related domains that may be used for typo-squatting attacks and fraud.

March 30, 2018

Sandiflux: Another Fast Flux infrastructure used in malware distribution emerges


Proofpoint researchers studied a previously undocumented botnet providing Fast Flux infrastructure for cybercrime.

March 25, 2018

Unraveling ThreadKit: New document exploit builder used to distribute The Trick, Formbook, Loki Bot and other malware

Axel F, Matthew Mesa

In October 2017, Proofpoint researchers discovered a new Microsoft Office document exploit builder kit that featured a variety of recent exploits as well as a mechanism to report infection statistics.

March 23, 2018

Tax-themed email campaigns steal credentials and spread banking Trojans, RATs, and ransomware

Proofpoint Staff

In 2018, Proofpoint researchers have observed another strong season for tax-themed email lures, and the payloads of these campaigns are representative of broader malware trends and highlight notable differences compared to last year.

March 13, 2018

Drive-by as a service: BlackTDS


Proofpoint researchers track a new web-based attack chain offered as a service to threat actors.

March 07, 2018

Leaked Ammyy Admin Source Code Turned into Malware

Proofpoint Staff

Proofpoint researchers track campaigns involving a new RAT based on the leaked source code of the Ammyy Remote Administration tool.

January 31, 2018

Smominru Monero mining botnet making millions for operators


Proofpoint researchers analyze a massive Monero mining botnet.

January 29, 2018

Double dipping: Diverting ransomware Bitcoin payments via .onion domains

Proofpoint Staff

Proofpoint researchers track operators of a Tor proxy diverting ransomware payments to their own Bitcoin wallets.

January 17, 2018

Proofpoint Q4 2017 Threat Report: Coin miners and ransomware are front and center

Proofpoint Staff

Proofpoint researchers detail the trends and changes in the threat landscape over the last quarter of 2017.