Threat Hub

The Proofpoint threat research team has access to one of the largest, most diverse data sets in all of cybersecurity. We’re bringing you the highlights every week, right here at the Threat Hub.

Weekly Brief

Brazilian banking malware appears in campaigns targeting Spain. And reviewing the latest fake browser update attacks.

This week on The Threat Hub: Our researchers take a closer look at a strain of banking malware that’s crossing borders. As a populous country with high adoption of online banking, Brazil has been a promising hunting ground for attackers. In fact, it’s now among the most highly targeted countries for information stealers and other malware. And after seeing success with Grandoreiro malware in Brazil and Mexico, threat actor TA2725 is expanding its campaigns to target Spain.

Grandoreiro steals data using keyloggers and screenshots and is also capable of displaying overlays on common banking websites to grab login credentials. The malware is typically delivered via an embedded URL in malicious emails using tax and invoice themes. The URL leads to a zip file containing the loader, which is usually an MSI, HTA or EXE file. Check out the blog post for example lures and other campaign details.

And on this week’s Five-Minute Forecast, the International Criminal Court is hit by cyberespionage, Washington D.C. voter roll exposed in data breach, and threat detection analyst Dusty Miller gives an update on threats using fake browser updates.

Insights Chart of the Week
[Chart: DarkGate malware message volume]
DarkGate Opening

DarkGate malware's emergence has coincided with the disappearance of Qbot from the threat landscape. Our researchers are investigating whether this malware is being used as a like-for-like replacement by threat actors traditionally affiliated with Qbot.

Equip your team with threat intelligence

Threat Insight
APT Attacker Sends Mac Malware

Iran-aligned threat actor TA453 has expanded its repertoire, distributing malware targeting Apple devices.

Blog Post
Conversational Threats Surge on Mobile

Talk isn't cheap, as pig butchering and similar conversational attacks were the fastest growing mobile threats of 2022.

Threat Insight
Exploring the Post-Macro Landscape

Our researchers unpack all the changes from a year of rapid evolution in malware delivery techniques.

Go Deeper with Proofpoint Threat Intelligence Services

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

REPORTS
Threat Report
2023 Human Factor

Cyber attackers target people. They exploit people. Ultimately, they are people. That's why people—not technology—are the most critical variable in today’s cyber threats. This year, the 2023 Human Factor report takes an even closer look at new developments in the threat landscape, focusing on the combination of technology and psychology that makes the modern attack chain so dangerous.

REPORTS
Threat Report
2024 State of the Phish – Today’s Cyber Threats and Phishing Protection

Find out how vulnerable your users are to today’s biggest cyber threats in the 2024 State of the Phish report. Learn phishing trends, key insights, statistics, and more.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.6 billion emails, 49 billion URLs and 1.9 billion attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.
