Research Blog

News and views from the leading voice in cloud security.

By: Derek Gooley

The Rise in SSL-based Threats

Encryption | Malware

Overview: The majority of Internet traffic is now encrypted. With the advent of free SSL providers like Let's Encrypt, the move to encryption has become easy and free. On any given day in the Zscaler cloud, more than half…

By: Shivang Desai

SpyNote RAT posing as Netflix app

SpyNote RAT posing as Netflix app and more

Mobile Malware

Watch on Fox News: Hackers may use fake Netflix app to spy on users. As users have become more attached to their mobile devices, they want everything on those devices. There's an app for just about any facet of one…

By: Viral Gandhi

Super Mario Run Malware #2 – DroidJack RAT

Gamers love Mario and Pokemon, but so do malware authors.

Mobile Malware

A few days back, we wrote about an Android Marcher trojan variant posing as the Super Mario Run game for Android. We have found another instance of malware posing as the Super Mario Run Android app, and this time it has taken…

By: Viral Gandhi

Android Marcher now posing as Super Mario Run

Attackers seek to use the game's popularity to spread malware


Nintendo recently released Super Mario Run for the iOS platform. In no time, the game became a sensational hit on the iTunes store. However, there is not yet an Android version and there has been no official news on such a…

By: Chris Mannon

Santa Claus is coming to town with a sack full of ransomware

Abuse | Adware | Analysis | Exploit | Malware | Phishing | Ransomware | Scam | Spam

It's the season: holiday shopping has increased and email inboxes have been inundated with promotional emails, offers from online retailers, and discount banners. And with increased online shopping activity, you can expect to see an increase in activity from…

By: Derek Gooley

Top Exploit Kit Activity Roundup - Fall 2016

Exploit Kit

Overview: This is the third in a series of blogs reviewing the activity of the current top exploit kits. Exploit Kits (EKs) are rapidly deployable software packages designed to leverage vulnerabilities in web browsers as a way to deliver a…

By: Ed Miles

CNACOM - Open Source Exploitation via Strategic Web Compromise


Introduction: Since a full proof of concept for the CVE-2016-0189 vulnerability was published on GitHub, Zscaler ThreatLabZ has been closely tracking its proliferation. The first copying of the exploit code we spotted was from the Sundown exploit kit (EK), followed closely by…

By: Atinderpal Singh

A look at recent Stampado ransomware variant

Self-propagates and encrypts files already encrypted by other ransomware


Introduction: Stampado is one of the many new ransomware strains we have seen in 2016. Stampado was first seen in the wild in July 2016, as one of the cheapest pieces of ransomware available on the underground forums. Figure 1…
