Security Research Blog

News and views from the leading voice in cloud security.

By: Deepen Desai

WannaCry 2.0 ransomware attacks continue...

Analysis of WannaCry variants and propagation vectors seen in the wild.


Introduction An aggressive ransomware campaign went viral on May 12, 2017, that impacted over 200,000 systems worldwide and the attack remains active. The use of the leaked NSA ETERNALBLUE  SMB exploit by the dropper payloads, which target a Microsoft Windows vulnerability in…
By: Deepen Desai

Google Docs Phishing Campaign

Viral phishing campaign targeting Google users and enterprise Google deployments


Introduction An aggressive phishing campaign went viral earlier today that impacted multiple Google Mail users, including those in enterprise Google deployments. The campaign involved unsuspecting users receiving an email with a Google Doc link from one of their known contacts. If…
By: Rohit Hegde

JavaScript Malspam Campaigns

Multiple malicious JavaScript spam campaigns active in the wild

Malware | Spam

Introduction The Zscaler ThreatLabz team has observed multiple active malspam campaigns with links to malicious JavaScript payloads in the wild. These JavaScript files when opened by the end user will trigger download and execution of malware executables belonging to various Dropper and…
By: Shivang Desai

Android Spyware SMSVova posing as system update on Play Store

Android Spyware SMSVova found on Google Play Store

Mobile Malware

In our ongoing effort to hunt malware, the Zscaler ThreatLabz team came across a highly suspicious app on the U.S. Google Play Store that has been downloaded between one and five million times since 2014. Upon analysis, we found it…
By: Sameer Patil

Increase in jRAT Campaigns

The Zscaler ThreatLabZ team has detected a rise in Java-based remote access Trojan variants  jRATs which give attackers a backdoor into a victim's system and can be capable of remotely taking control of the system once it's infected. Malware authors are using…
By: Chris Mannon

Microsoft Office 0-Day leveraged in spam campaigns

Exploit | Microsoft | Spam | Zero Day

A new spam campaign has been leveraging exploits for the Microsoft Office vulnerability CVE-2017-0199. Security industry repsonse to the vulnerability was rapid and several in-the-wild exploits have been detailed by various security companies. The timing of this attack was largely preempted by…
By: Gaurav Shinde

New Android ransomware bypasses all antivirus programs

Infection continues even after the victim pays the ransom

Mobile Malware

The Zscaler ThreatLabZ team has found a new variant of Android Ransomware. What makes this variant particularly scary is that it evaded all the antivirus programs tested against it at the time of writing this blog. During our investigation, we uncovered…
By: Gaurav Shinde

Nasty adware hiding in apps on Google Play Store

The adware would like to be your device administrator if you let it

Mobile Malware

In our ongoing hunt for malicious apps on Google Play Store, we have come across more than a dozen apps that we have confirmed to be aggressive adware strains, with the ability to add themselves as device administrator on a victim's…

Learn more about Zscaler.
Join one of our webcasts.

Check how healthy is your Internet security with Security Preview, Zscaler's free security scan

How secure are you?

Check your security with our instant risk assessment, Security Preview. It’s free, confidential and safe. 85% of companies who run this test find vulnerabilities that require immediate attention.