Security Research Blog

News and views from the leading voice in cloud security.

By: Viral Gandhi

New Android Marcher Variant Posing as Adobe Flash Player Update

Android Marcher malware


Introduction Marcher is sophisticated banking malware that steals users financial information, such as online banking credentials and credit card details. We have observed Marcher evolving over time, using new tricks and payload delivery mechanisms. As we reported about previous encounters…
By: Rohit Hegde

Top Exploit Kit Activity Roundup - Spring 2017

Exploit Kit

Overview This is the fifth in a series of posts in which we're examining recent activity of the current top exploit kits. An exploit kit (EK) is a rapidly deployable software package designed to leverage vulnerabilities in web browsers to…
By: Shivang Desai

Malicious Android Ads leading to drive by downloads

Drive by downloads causing chaos

Mobile Malware

The Zscaler ThreatLabZ team recently identified an Android app that was downloading itself from advertisements posted on forums. Malvertising is a growing problem and one that we have covered on past occasions, especially given the rise in SSL sites that serve…
By: Deepen Desai

WannaCry 2.0 ransomware attacks continue...

Analysis of WannaCry variants and propagation vectors seen in the wild.


Introduction An aggressive ransomware campaign went viral on May 12, 2017, that impacted over 200,000 systems worldwide and the attack remains active. The use of the leaked NSA ETERNALBLUE  SMB exploit by the dropper payloads, which target a Microsoft Windows vulnerability in…
By: Deepen Desai

Google Docs Phishing Campaign

Viral phishing campaign targeting Google users and enterprise Google deployments


Introduction An aggressive phishing campaign went viral earlier today that impacted multiple Google Mail users, including those in enterprise Google deployments. The campaign involved unsuspecting users receiving an email with a Google Doc link from one of their known contacts. If…
By: Rohit Hegde

JavaScript Malspam Campaigns

Multiple malicious JavaScript spam campaigns active in the wild

Malware | Spam

Introduction The Zscaler ThreatLabz team has observed multiple active malspam campaigns with links to malicious JavaScript payloads in the wild. These JavaScript files when opened by the end user will trigger download and execution of malware executables belonging to various Dropper and…
By: Shivang Desai

Android Spyware SMSVova posing as system update on Play Store

Android Spyware SMSVova found on Google Play Store

Mobile Malware

In our ongoing effort to hunt malware, the Zscaler ThreatLabz team came across a highly suspicious app on the U.S. Google Play Store that has been downloaded between one and five million times since 2014. Upon analysis, we found it…
By: Sameer Patil

Increase in jRAT Campaigns

The Zscaler ThreatLabZ team has detected a rise in Java-based remote access Trojan variants  jRATs which give attackers a backdoor into a victim's system and can be capable of remotely taking control of the system once it's infected. Malware authors are using…

Learn more about Zscaler.
Join one of our webcasts.

Check how healthy is your Internet security with Security Preview, Zscaler's free security scan

How secure are you?

Check your security with our instant risk assessment, Security Preview. It’s free, confidential and safe. 85% of companies who run this test find vulnerabilities that require immediate attention.