Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
July 27, 2017

Backdoored Litecoin Wallet Spread via Typosquatted Domains

Proofpoint Staff

Proofpoint researchers track XKey keylogger malware distributed via typosquatted clones of the Litecoin cryptocurrency website and backdoored versions of the app.

July 24, 2017

Silver lining: Google OAuth worm leads to Proofpoint discovery and Google mitigation

Proofpoint Staff

Since at least 2011 [1] [2], information security researchers have attempted to raise awareness about the ease with which attackers could create seemingly legitimate apps and then trick users into granting them access to email and cloud service accounts.

July 13, 2017

Meet Ovidiy Stealer: Bringing credential theft to the masses

Proofpoint Staff

Proofpoint researchers analyze a previously undocumented stealer called Ovidiy Stealer. Lightweight, efficient, and with attractive pricing and marketing, Ovidiy Stealer makes it easy for would-be criminals to make the leap into credential theft.

June 27, 2017

Pyramid Schemes Go High Tech with Affiliate Spam and Malware Affiliates

Proofpoint Staff

Proofpoint researchers examine how the affiliate marketing model drives both spam and malware distribution.

June 20, 2017

AdGholas Malvertising Campaign Using Astrum EK to Deliver Mole Ransomware


Proofpoint researchers track recent AdGholas activity with colleagues from the advertising and security industries after ransomware activity in the UK set off red flags.

June 12, 2017

Follow the Money - Phishing Schemes Go After Cryptocurrency

Proofpoint Staff

Proofpoint researchers examine phishing templates used to steal cryptocurrencies and related credentials from users.

June 05, 2017

Exploiting the Human Factor - Proofpoint Releases Human Factor 2017 Report

Proofpoint Staff

Proofpoint researchers look ahead at the changing threat landscape and the increasing tendency for threat actors to target people rather than chase the latest exploits.

June 01, 2017

Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions

Matthew Mesa, Axel F, Pierre T, Travis Green

Proofpoint researchers track the actor known as Cobalt using Microsoft Word Intruder (MWI) and a well-known vulnerability to target financial institutions.

May 31, 2017

What Election Spam Can Tell Us About Candidates and Election Outcomes

Proofpoint Staff

After multiple election cycles, Proofpoint researchers point to relationships between spam volumes and election outcomes.

May 25, 2017

“Where are the exploits of yesteryear?” Marking one year since a major EK featured a new unpatched vulnerability

Proofpoint Staff

Proofpoint researchers track the effectiveness of exploit kits and the declining availability of unpatched vulnerabilities.