Proton

Proton is a malicious software, or malware, that infiltrates systems to steal personal information, disrupt operations, and potentially hold data for ransom. Its methods of distribution include phishing attacks and fake installers for legitimate software such as VPNs from F-Secure and Proton. This malware has been found within various components of the ProtonVPN software suite, including the ProtonVPN Callout Driver, ProtonVPN Service, ProtonVPN WireGuard Service, and ProtonVPN Update Service, with file dates ranging from May to November 2021. In June 2024, a joint investigation conducted by Proton and Constella Intelligence revealed that the personal information of hundreds of British and EU politicians was available on dark web marketplaces. The leaks likely occurred because staffers used their official email addresses to sign up for various services, including high-risk sites such as dating and adult websites, which were later compromised in data breaches. The situation highlighted a critical security lapse where sensitive work-related emails became entangled with less secure third-party platforms. In response to these findings, secure mail provider Proton teamed up with Constella Intelligence to search the dark web for over 16,000 publicly available email addresses associated with congressional staff. They recommended that politicians and staffers take additional precautions with their online activities. This move was partly motivated by previous incidents such as during the 2016 US presidential election when Hillary Clinton’s chief of staff had his emails exposed due to a phishing attack. Further investigations into the extent of the Proton malware's impact are ongoing, with additional findings expected to be released in the coming weeks.