Modern cybercrime operates highly-sophisticated campaigns that challenge, or even evade, the state-of-art in defense and protection. On a daily basis, users worldwide are fooled by new techniques and threats that went under the radar, like new 0-days or attack vectors. We passively monitored how these attacks are conducted on real installations, and unveiled the modus operandi of malware operators. In this presentation, we share with the audience our recent findings and trends that we observed in-the-wild from the analysis we conducted on 3 million software downloads, involving hundreds of thousands of Internet connected machines. During the talk, we provide insights on our investigation like the effect of code signing abuse, the compromise of cloud providers' operations, the use of domains generated automatically via social engineering, and the business model behind modern malware campaigns. We also discuss the problem of "unknown threats", showing how the Internet's threats landscape is still largely unexplored and how it badly impacts on million of users. We conclude with a proof-of-concept system that we designed and that uses machine-learning to generate human-readable rules for detection. Our system represents a potential mitigation to the problem of "unknown threats" and an assistance tool for analysts globally.