New ecrime insights:
TA4557, known for distributing More_eggs malware, notably expanded to an international audience in recent campaigns.
Per our data, the recruiter-focused TA was seen targeting orgs in France, England & Ireland, in addition to typical North America-targeted threats.
16.06.2025 15:08
There are, however, at least two separate current malvertising/SEO campaigns, one leading to Bumblebee and one leading to SMOKEDHAM/Thundershell, but it's not from the official website.
2/2
19.05.2025 15:47
This article that is starting to get traction claims that the official RVTools website was distributing a malicious installer leading to Bumblebee. I see zero evidence of this actually being the case.
1/2
19.05.2025 15:47
Proofpoint also recently observed this activity delivering GootLoader. Google Ads for a fake document creation app (lawliner[.]com) led to a malicious document creation website, on which users are directed to enter their email address.
31.03.2025 16:43
Great research on that #GootLoader is now including email in their delivery chain. Please don't download NDAs and other contract templates from free sites without any history.
31.03.2025 14:42
New blog drop with @selenalarson.bsky.social and the rest of the team. This one covers a lot of threats using the #ClickFix technique to lure targets to infect themselves by pasting malicious CMD/PS code. My "fave" is the chumbox #malvertising on major tech sites.
www.proofpoint.com/us/blog/thre...
18.11.2024 12:44
Well, I guess it's time to try this platform too.
16.11.2024 13:53
https://gootloader.wordpress.com/
Head of Investigations at InfoGuard AG - dfir.ch
Proofpoint's insights on targeted attacks and the cybersecurity threat landscape.
Manager, APT Research Team @ Proofpoint
Threat Detection & Research at Proofpoint
@thedfirreport.bsky.social | https://kostas.page | Opinions are mine only!
The official account of Proofpoint, a leader in human-centric cybersecurity.
Protect people. Defend data. Mitigate human risk.
Ransomware, Online Security, and Malware. Owner, Editor in Chief of @bleepingcomputer.com
DM on Signal: LawrenceA.11 * Telegram: lbleeper * http://infosec.exchange/@lawrenceabrams
oh great, now I'm on bluesky
Security researcher with a special interest for web threats.
work time: defender
fun time: malware hoarder/puzzle solver/capacity tester
member of:
@cryptolaemus.bsky.social
fan of:
@hatching_io
@sublime_sec
Dad above all other jobs
Detection Engineering and Threat Hunting
Email and Empathy
threat research @ proofpoint
Sharing information on malicious network traffic and malware samples at https://www.malware-traffic-analysis.net/
Editor in chief of LeMagIT (fr)
Addicted to #cybersécurité #infosec
Collector of #ransomware
follow: https://linktr.ee/valerymarchive
https://strikeready.com/blog.html
Download live malware samples mentioned here: https://github.com/StrikeReady-Inc/samples
If you prefer marketing (our product is great!) subscribe to our main page @strikeready.com
Frontline Intelligence with #AdvancedPractices
@Google Threat Intel | views are my own
CSO @ Proofpoint. Infosec lifer. Charter member of nerd nation. MacKenzie appreciator. Forza Inter.