CRBR Encryptor: A Ransomware By Any Other Name Would Encrypt as Well

Mon, 08/14/2017 - 18:10

It's not unusual for brands to occasionally have to re-envision themselves. Apparently this applies to legitimate and illicit brands equally.

Qakbot Is Back & Targeting Banking Credentials

Fri, 08/11/2017 - 18:18

Qakbot, also known as Qbot, is a network worm targeting banking credentials. It propagates by copying itself to network drives and infecting removable drives.

Author Releases Private Key Unlocking Petya/GoldenEye Ransomware

Thu, 08/10/2017 - 17:24

In light of the devastating NotPetya attack, the creator of the original Petya ransomware has released his private key for the malware. This means victims of the original Petya attacks (excluding NotPetya) will be able to decrypt their files for free.

Hancitor/Chanitor Downloader - You've Got Malspam

Wed, 08/09/2017 - 19:59

Hancitor Downloader has seen many campaigns this year. Malware-Traffic-Analysis, a security research blog operated by Brad Duncan, has published over 40 related articles since the beginning of 2017. Each article covers malspam delivering the downloader, with no sign of the campaigns' wavering.

ThreatSTOP Software Update & New Target Names

Tue, 08/08/2017 - 21:42

We’re always looking for ways to increase your security protection and improve your experience when working with our solutions. ThreatSTOP will be releasing a software update on August 9th, 2017.

Remember Emotet Malware? It's Back.

Tue, 08/08/2017 - 19:47

Emotet (also Geodo, Feodo) is a banking trojan (discovered by Trend Micro in 2014) that targeted German and Austrian banking clients. In 2015, Kaspersky published findings of a variant targeting Swiss banking clients. Differences in this version included a new public RSA key (replacing the previous version's) and the removal of comments and debugging information from the Automatic Transfer System (ATS) script. This script enabled the automatic transfer of funds from the infected user's bank account to the cyber criminal's.

ZeroT Dropping PlugX RAT: Another Day, Another APT

Mon, 08/07/2017 - 22:15

A cyber group attributed to Chinese APT activity has used the downloader ZeroT since February 2016, as reported by Proofpoint in 2017.

Bi-Weekly Security Update 8/3/2017

Thu, 08/03/2017 - 18:43

New Target - Comments Spamming Bots

Tue, 08/01/2017 - 11:18

One of ThreatSTOP's goals has been to help reduce spam on the Internet. Besides being a source of constant annoyance in email, spam, malspam, phishing and spear-phishing all pose large security risks. In recent years, spammers have also discovered a new prime target for spam: website commenting systems.

Bi-Weekly Security Update 7/24/17

Mon, 07/24/2017 - 17:59

Malicious Content Identified and Inserted:

Zloader/Terdot – That Man in the Middle

Fri, 07/21/2017 - 19:04

The ZeuS malware family was first seen in July 2007 and is the poster child for long-lasting bots. Zbot, one of the aliases of ZeuS, has a familial relation to Terdot. When ZeuS's source code leaked in 2011, bad actors jumped at the chance to update its capabilities to suit their own campaigns. One of these offspring was Terdot. MalwareBytes has made a study of the ZeuS family and has noted a recent increase in Terdot/Zloader infections.

Dynamic DNS Providers – Offering Options on IP Addresses

Thu, 07/20/2017 - 23:13

ThreatSTOP has compiled a list of Dynamic DNS (DynDNS) services and providers. The list itself is useful both as a blacklist and as a whitelist.

El Machete Malware is Still "Sharp"

Wed, 07/19/2017 - 19:19

In the rapid cycle of rise and disappearance of malware campaigns, only a few last for several years. One of these is the El Machete malware, which was first discovered by Kaspersky and is thought to have been active since 2010.

Magnitude EK: What's Shakin?

Tue, 07/18/2017 - 21:22

The Magnitude EK, active since 2013, is one of the longest-running exploit kits used, with many of its most recent victims coming from Asia. It is usually seen distributing Cerber ransomware.

Winnti Aims to Win the Game

Fri, 07/14/2017 - 00:23

The Winnti group is a Chinese-linked cybercriminal group that is most well-known for its 2011 attacks against online video game producers.

A Rough Time for Web-browsing: The RoughTed Campaign

Wed, 07/12/2017 - 18:42

One family of malware that even the most vigilant of users has to be careful of is malvertising. Malvertising's dangers come from the fact that malware infection can occur from visiting a common legitimate website, as the malware is embedded within the ads on the website, rather than the website itself.

RIG Exploit Kit Takedown: Operation Shadowfall

Tue, 07/11/2017 - 18:01

Similar to Terror EK, the RIG EK gained a lot of footing in the EK market after the downfall of the Angler, Neutrino, and Nuclear exploit kits.

BankBot and BankBotAlpha – Banking Android Malware

Mon, 07/10/2017 - 21:32

BankBot is a malware targeting Android OS, and has appeared in the Google Play Store in different forms, often impersonating well-known application icons or names.

Bi-Weekly Security Update 7/7/2017

Fri, 07/07/2017 - 23:14

WildFire Locker – Ransomware Disguised as Missed Delivery

Wed, 07/05/2017 - 18:20

Ransomware operators do not usually target specific victims as a source of money, but this campaign might change that.