Security Research Blog

News and views from the leading voice in cloud security.

By: Deepen Desai

Petya Ransomware Outbreak - June 27, 2017


Just a month after the WannaCry outbreak, we are seeing another widespread ransomware outbreak involving a possible Petya ransomware family variant. The details on the initial delivery vector are sparse and, as expected, there is a lot of speculation, just like…

By: Rohit Hegde

Wonder Woman, Piracy, and the Cerber Ransomware

Magnitude Exploit Kit leading to Cerber Ransomware

Exploit Kit | Ransomware

It's become a lucrative business for malicious actors to host illegal streaming websites and upload or link to bootlegged content. The income from such activity is generated from the advertisements served to visitors. At the same time, attackers have…

By: Viral Gandhi

New Android Marcher Variant Posing as Adobe Flash Player Update

Android Marcher malware


Introduction: Marcher is sophisticated banking malware that steals users' financial information, such as online banking credentials and credit card details. We have observed Marcher evolving over time, using new tricks and payload delivery mechanisms. As we reported about previous encounters…

By: Rohit Hegde

Top Exploit Kit Activity Roundup - Spring 2017

Exploit Kit

Overview: This is the fifth in a series of posts in which we're examining recent activity of the current top exploit kits. An exploit kit (EK) is a rapidly deployable software package designed to leverage vulnerabilities in web browsers to…

By: Shivang Desai

Malicious Android Ads leading to drive by downloads

Drive by downloads causing chaos

Mobile Malware

The Zscaler ThreatLabZ team recently identified an Android app that was downloading itself from advertisements posted on forums. Malvertising is a growing problem and one that we have covered on past occasions, especially given the rise in SSL sites that serve…

By: Deepen Desai

WannaCry 2.0 ransomware attacks continue...

Analysis of WannaCry variants and propagation vectors seen in the wild.


Introduction: An aggressive ransomware campaign that went viral on May 12, 2017, impacted over 200,000 systems worldwide, and the attack remains active. The use of the leaked NSA ETERNALBLUE SMB exploit by the dropper payloads, which target a Microsoft Windows vulnerability in…

By: Deepen Desai

Google Docs Phishing Campaign

Viral phishing campaign targeting Google users and enterprise Google deployments


Introduction: An aggressive phishing campaign that went viral earlier today impacted multiple Google Mail users, including those in enterprise Google deployments. The campaign involved unsuspecting users receiving an email with a Google Doc link from one of their known contacts. If…

By: Rohit Hegde

JavaScript Malspam Campaigns

Multiple malicious JavaScript spam campaigns active in the wild

Malware | Spam

Introduction: The Zscaler ThreatLabz team has observed multiple active malspam campaigns with links to malicious JavaScript payloads in the wild. These JavaScript files, when opened by the end user, will trigger the download and execution of malware executables belonging to various Dropper and…
