“Enhanced Bonus” QR code phish steals Microsoft credentials A personalized phishing attack could lead to a catastrophic loss of credentials. 2 minutes
USB worms: Still wriggling on to under-protected computers after all these years Malware doesn't care if it's being talked about or not. 2 minutes
ThreatDown State of Malware report 2025 The ThreatDown State of Malware report focuses on a few key developments that we witnessed in 2024. 2 minutes
Clipboard hijacker tries to install a Trojan Criminals are attempting to get users to install malware from the clipboard. 2 minutes
Sysrv cryptomining botnet is still alive (and kicking out the competition) Sysrv cryptomining botnets are still active, and analysis shows they are actively kicking out other malware. 4 minutes
Beluga phishing campaign targets OneDrive credentials The Beluga phishing campaign uses .htm files to capture your company OneDrive credentials. 2 minutes
How the Black Basta ransomware gang hides Cobalt Strike beacons with PowerShell Ransomware gangs love PowerShell. 4 minutes
A visit to a print shop put a password stealer on a co-worker’s laptop Old-school malware distribution methods have a habit of hanging around long after people stop talking about them. 2 minutes
Watch out! Mobidash Android adware spread through phishing and online links ThreatDown has uncovered a new campaign spreading the MobiDash adware for Android. 1 minute
Ransomware review: September 2024 In August, we recorded a total of 442 ransomware victims, the second-most all year. 2 minutes
New RansomHub attack uses TDSSKiller and LaZagne, disables EDR The attack signals a new shift in RansomHub's arsenal of tools. 3 minutes
Lowe’s employees targeted in new malvertising campaign In August, Lowe's employees were the subject of a targeted campaign using fake ads and websites. 1 minute
Rise of Atomic Stealer signals a sea change in macOS malware Atomic Stealer is the most popular malware-as-a-service on macOS because of highly active affiliate-driven distribution campaigns and constant feature upgrades. 4 minutes
New phishing campaign uses Discord for payload delivery A new phishing campaign uses two Discord CDNs to host malicious executables. 3 minutes
Ransomware review: July 2024 In June, LockBit said it breached the Federal Reserve and Black Basta was seen exploiting a Windows zero-day. 3 minutes
WorkersDevBackdoor and MadMxShell converge in malvertising campaigns Two different backdoors might share more connections than previously thought. 7 minutes
How the world’s worst ransomware gang avoids detection Look at a real example of how LockBit used LOTL techniques on a ThreatDown MDR client. 4 minutes
From weeks to hours: Why ransomware attacks are getting quicker Businesses will need to adapt as ransomware gangs take less time to steal and encrypt data than ever before. 4 minutes
Ransomware review: June 2024, a year-high 470 attacks recorded In May, we recorded a total of 470 known ransomware attacks, including some sickening attacks on healthcare. 4 minutes