The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

FASTCash Linux Variant

Nov 4, 2024 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Linux, FastCash, Payment Switch

0 Comments

Verticals Targeted: Financial 

Executive Summary

A Linux variant of FASTCash “payment switch” malware was recently discovered. This malware is typically used by North Korea nexus threat actor groups to make unauthorized cash withdrawals from ATMs.

Read More

The Evolution of Akira Ransomware

Nov 1, 2024 12:21:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Akira, Evolving Threat

0 Comments

Verticals Targeted: Aerospace, Manufacturing, Professional Services, Scientific and Technical Services, Retail, Construction, Insurance, Telecommunications, Hospitality, and Legal Services

Executive Summary

Akira ransomware is one of the most prolific ransomware families of 2024. Active in the wild since April 2023, Akira has continued to evolve, maintaining its relevance on the threat landscape.

Read More

An Inside Look at NCT’s Role in Advancing Cybersecurity

Nov 1, 2024 10:27:17 AM / by PolySwarm Team posted in Blockchain, Cryptocurrency, NCT

0 Comments

PolySwarm launched in 2018 with the Nectar (NCT) token, an ERC-20 token empowering cybersecurity professionals and enterprises to actively contribute and participate in our threat detection marketplace. The distribution of NCT reflects PolySwarm’s commitment to building a decentralized, community-driven platform. This post describes PolySwarm’s token allocations at launch and the token’s role within the cybersecurity ecosystem.

Read More

BumbleBee Returns With New Infection Chain

Oct 28, 2024 12:26:54 PM / by The Hivemind posted in Threat Bulletin, Loader, Bumblebee, Operation Endgame, Evolving Threat

0 Comments

Related Families: BazarLoader, BazaLoader

Executive Summary

BumbleBee is a sophisticated loader. It was first seen in the wild in 2022 and was a replacement for BazarLoader. It recently re-emerged with a new infection chain, indicating an evolving threat.

Read More

GorillaBot

Oct 23, 2024 11:56:41 AM / by The Hivemind posted in Threat Bulletin, DDoS, Mirai, Emerging Threat, GorillaBot, Gorilla Botnet

0 Comments

Related Families: Mirai
Verticals Targeted: Education, Government, Telecommunications, Financial, Gaming

Executive Summary

Gorilla Botnet, also known as GorillaBot, is a Mirai-based botnet family that recently gained momentum and notoriety.

Read More

BrainCipher Ransomware

Oct 21, 2024 12:07:07 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Lockbit 3.0, Emerging Threat, BrainCipher, BrainCypher

0 Comments

Related Families: LockBit 3.0
Verticals Targeted: Media, Insurance, Legal Services, Healthcare, Retail, Software, Construction, Manufacturing, Real Estate, Education, Government 

Executive Summary

BrainCipher ransomware, which was first observed in June 2024, is an emerging threat. BrainCipher is based on the leaked LockBit 3.0 builder and is functionally similar to LockBit 3.0.  

Read More

Trinity Ransomware

Oct 18, 2024 2:30:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Healthcare, Manufacturing, Emerging Threat, Trinity

0 Comments

Related Families: Venus, 2023Lock
Verticals Targeted: Healthcare, Manufacturing, Business Services 

Read More

Perfectl Linux Malware

Oct 15, 2024 2:29:59 PM / by The Hivemind posted in Threat Bulletin, Linux, Cryptominer, Perfectl, Monero, Proxyjacking

0 Comments

Executive Summary

Perfectl is a malware family that targets misconfigured Linux servers. In a recent campaign, Perfectl was observed deploying cryptominers and proxyjacking software.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts