<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p><img class="alignnone size-full wp-image-1889" src="http://cdn2.hubspot.net/hubfs/2548414/Imported_Blog_Media/rocks.png" alt="Rocks" width="919" height="557"></p> <p>RockLoader is a new malware downloader that was recently discovered by Proofpoint. It is being used by the same cybercriminals behind Locky ransomware, and it is spreading a number of malware variants in addition to the notorious ransomware. These include the Dridex 220 botnet trojan, as well as Kegotip and Pony, two malware variants used to steal information.</p> <p>The new downloader stands out from the rest because it can receive multiple commands in a single request, which lets the threat actors drop several malware payloads onto the infected system at once. This makes the downloader extensible and much more efficient.</p> <p>RockLoader has been distributed through spam emails with JS attachments, as well as through malicious documents.</p> <p>ThreatSTOP customers are protected from RockLoader.</p></span>