The Top 10 ThreatLabZ blogs from 2018

December 31, 2018 - 4 min read

The Zscaler ThreatLabZ team is continually hunting new threats, analyzing them, and sharing their findings in blogs and reports on the Zscaler site. What follows are the most read and shared blogs of 2018.


Android apps infected with Windows malware reemerge

By Gaurav Shinde

This blog explores apps available on Google Play that were infected with malicious iFrames. Though the malware posed no immediate threat to users, its discovery highlights the fact that infections can be propagated across different platforms. This vector can be leveraged by a clever attacker to serve second-level malicious payloads, depending on the type of device platform visiting the URL. Read more.


Fake Fortnite apps scamming and spying on Android gamers

By Viral Gandhi

Fortnite is a co-op sandbox survival game and, at the time of the ThreatLabZ report, had 45 million players and more than three million concurrent users. In 2018, its maker, Epic Games, announced a version for iOS. Malware authors, knowing that Android users would be anxious to get Fortnite, created fake Fortnite for Android apps to spread their payloads, including spyware, a coin miner, and some unwanted apps. Read more.


CVE-2017-8570 and CVE-2018-0802 exploits being used to spread LokiBot

By Mohd Sadique

This blog provides an overview of malicious RTF documents that use exploits for the CVE-2017-8570 and CVE-2018-0802 vulnerabilities to install malicious payloads on victims’ machines. The team shares its analysis of a campaign leveraging these two exploits to deliver LokiBot. Read more.


The latest cloud hosting service to serve malware

By Dhanalakshmi

Cloud services are under attack because they enable bad actors to open inexpensive hosting accounts for hiding malicious content in the cloud-based domains of well-known brands. The ThreatLabZ team discovered that a popular managed cloud hosting service provider has been serving phishing attacks and other malware in the wild as far back as February 2018. Read more.


Meltdown and Spectre vulnerabilities: What you need to know

By Deepen Desai

With the ability to allow attackers to gain unauthorized access to sensitive information in system memory, Meltdown and Spectre represent a new class of microarchitectural attacks that use processor chip performance optimization features to exploit built-in security mechanisms. This blog provides an analysis of the vulnerabilities as well as mitigation information. Read more.


Cryptominers and stealers – malware edition

By Atinderpal Singh and Rajdeepsinh Dodia

Due to their decentralized nature, cryptocurrencies are impossible to control or censor by any single authority—and that makes them attractive to cybercriminals. With more than 4,000 cryptocurrencies on the market rising in both value and popularity, we’ve seen a rise in the use of malware that targets bitcoins or altcoins for financial gain. This blog provides insight into various cryptominers and stealer variants. Read more.


DarkCloud Bootkit

By Nirmal Singh

Following on the team's report about cryptomining and wallet-stealing techniques, this blog provides a technical analysis of yet another type of cryptominer malware, one that uses a bootkit and other kernel-level shellcode for persistence. Read more.


Spam campaigns leveraging .tk domains

By Mohd Sadique

ThreatLabZ identified a campaign using the “.tk” top-level domain, which started with compromised sites that redirect users to either fake blog sites to generate ad revenue or fake tech support sites that claim to remove viruses. We estimated at the time that at least USD 20K per month in revenue was being generated from the fraudulent ad activities alone. Read more.


Magecart campaign remains active

By Rubin Azad

Magecart is a notorious hacker group that has been responsible for large-scale attacks on the e-commerce sites of well-known brands. In this blog, we examine the campaign’s recent activity and its methods for skimming credit and debit card information for financial gain. Read more.


Ubiquitous SEO poisoning URLs

By Jim Wang

SEO poisoning is an attack method that involves creating web pages packed with trending keywords in an effort to get a higher ranking in search results. SEO poisoning is also a way to redirect users to unwanted applications, phishing, exploit kits and malware, porn, advertisements, and so on. This blog includes examples and analysis of the techniques in use. Read more.
