Proton

Malware Profile Updated a month ago
Proton is malware that can infiltrate systems and cause harm by stealing personal information, disrupting operations, or holding data for ransom. It was found embedded in several components of ProtonVPN, a service offered by the Swiss company Proton Technologies AG. The affected components included ProtonVPN Callout, ProtonVPN Service, ProtonVPN WireGuard, and ProtonVPN Update Service, with the first signs of this malware appearing in 2021. In May 2024, encrypted services including Apple, Proton, and Wire reportedly assisted Spanish police in identifying an activist, which raised concerns about the security and privacy protocols of these services. Separately, it was revealed that, unlike more sophisticated operations, "Phobos" (another malware operation) does not maintain a central data leak site or chat infrastructure; instead, victim communications most frequently take place over email, with the affiliates operating it using throwaway accounts at secure email services such as Proton Mail and Onion Mail. Despite the controversy, Proton continued to develop its offerings, releasing version 4.3.0 of Proton VPN, although some users reported issues with this version. Proton also launched a desktop mail app for Mac, Windows, and Linux. The company's Security Risk and Governance Manager declined to comment on the development or the nature of the law enforcement inquiry into the malware issue, citing "privacy reasons" and legal limitations.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so listed here are some possibly overlapping names and profiles you may also want to look at.
Miscellaneous Associations
Other elements of context that could help in judging relevance
Malware
Ransom
Vpn
Windows
Outlook
Bitcoin
Signal
Cybercrime
Macos
Youtube
Android
Ubuntu
Azure
Rat
Encryption
Chrome
Phishing
Spam
Ransomware
Encrypt
Fortiguard
Telegram
Firefox
Expressvpn
Vulnerability
Exploit
European
Bot
British
Microsoft
Chromium
Blizzard
Government
XSS (Cross S...
Sandbox
Google
1password
Data Leak
Linux
Red Hat
Github
Korean
Healthcare
Associated Malware
ID | Type | Votes | Profile Description
Headcrab | Unspecified | 2 | HeadCrab is a sophisticated malware that targets Redis servers, a popular in-memory data structure store often used as a database or cache. First detected by Aqua Security in September 2021, HeadCrab has evolved to operate in memory, making it harder for antivirus systems to detect. It is estimated
Omg | Unspecified | 1 | OMG is a variant of the Mirai malware, designed to exploit Internet of Things (IoT) devices by turning them into proxy servers for cryptomining. This malicious software operates covertly, typically entering systems through suspicious downloads, emails, or websites, and once inside, it can disrupt op
Phobos | Unspecified | 1 | Phobos is a type of malware, specifically a ransomware that has been causing significant disruptions in the cyber world. The malicious software operates by infiltrating systems through suspicious downloads, emails, or websites without user awareness. Once inside, it can steal personal information, d
Keydnap | Unspecified | 1 | Keydnap is a form of malware that has been used in various attacks to exploit and damage computer systems. It infiltrates the system through suspicious downloads, emails, or websites, often without the user's knowledge, and once inside, it can steal personal information, disrupt operations, or hold
Associated Threat Actors
ID | Type | Votes | Profile Description
Star Blizzard | Unspecified | 1 | Star Blizzard, also known as Seaborgium or the Callisto Group, is a threat actor linked to Russia's intelligence service, the FSB. The group has been involved in sophisticated cyber-attacks worldwide, primarily using spear-phishing campaigns to steal account credentials and data. Microsoft, which tr
Calisto | Unspecified | 1 | Calisto, also known as BlueCharlie, Blue Callisto, TAG-53, COLDRIVER, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is a threat actor that has been active since 2019. This group targets a wide range of sectors and is particularly focused on individuals and organizations involved in intern
Cold River | Unspecified | 1 | Cold River, a sophisticated threat actor linked to the Kremlin, has been engaging in malicious cyber activities for several years. The group, also known as Star Blizzard, Callisto, and UNC4057, is attributed to Center 18 of the FSB, one of Russia's security services sponsoring global cyber espionage
COLDRIVER | Unspecified | 1 | Coldriver, also known as Star Blizzard and Callisto Group, is a Russian Advanced Persistent Threat (APT) actor that has been identified as a significant cybersecurity threat. Notably, Google's Threat Analysis Group (TAG) has issued warnings about Coldriver's use of a custom backdoor in its operation
Tick | Unspecified | 1 | Tick is a threat actor, likely originating from the People's Republic of China, that has been associated with malicious activities in cyberspace. Secureworks® incident responders and Counter Threat Unit™ (CTU) researchers have investigated the activities of this group, also known as BRONZE BUTLER. T
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Proton malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU
a year ago
The authors of the "mail for paranoids" Proton Mail have released a super-reliable password vault. Leaks do not scare it. Russians will not be allowed in.
MITRE
a year ago
Mac Malware of 2017
Fortinet
10 months ago
Ransomware Roundup - DoDo and Proton | FortiGuard Labs
MITRE
a year ago
Calisto Trojan for macOS
CERT-EU
a year ago
The OSINT practitioner's infrastructure: Windows host configuration - FreeBuf cybersecurity industry portal
CERT-EU
a year ago
The best VPN for 2023 | Engadget
SANS ISC
2 months ago
Rolling Back Packages on Ubuntu/Debian - SANS Internet Storm Center
CERT-EU
a year ago
Proton launches its password manager Proton Pass, now available for download
CERT-EU
a year ago
Phone monitoring app LetMeSpy, used to spy on thousands of Android users, says a hacker stole the messages, call logs, and locations the spyware had intercepted
CERT-EU
3 months ago
Small-business owners and activists who rely on TikTok say the US House measure forcing a sale or ban would damage their livelihoods and harm their communities
CERT-EU
7 months ago
4 Best Small Business VPNs for 2023
CERT-EU
3 months ago
US cybersecurity company Zscaler acquires Israel-based cybersecurity startup Avalor for $350M; Avalor was founded in 2022 and has raised just $30M to date
CERT-EU
a year ago
Personal data
CERT-EU
a year ago
Links 08/05/2023: Many More Intel and Microsoft Layoffs
CERT-EU
a year ago
Proton Launches Open Source Password Manager
CERT-EU
a year ago
Links 13/05/2023: Ruby 3.3.0 Preview1, Wine 8.8, and Kdenlive 23.04
CERT-EU
a year ago
The best VPN deals of the week: Save on ExpressVPN, NordVPN, ProtonVPN, and more
CERT-EU
6 months ago
Proton AG launches sentinel for enhanced password protection
CERT-EU
9 months ago
Proton Mail vulnerabilities allow stealing decrypted emails and impersonate users
DARKReading
9 months ago
CAPTCHAs Easy for Humans, Hard for Bots