The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Perfectl Linux Malware

Oct 15, 2024 2:29:59 PM / by The Hivemind posted in Threat Bulletin, Linux, Cryptominer, Perfectl, Monero, Proxyjacking

0 Comments

Executive Summary

Perfectl is a malware family that targets misconfigured Linux servers. In a recent campaign, Perfectl was observed deploying cryptominers and proxyjacking software.

Read More

Silent Chollima Extortion Activity Targets US Entities

Oct 11, 2024 2:12:45 PM / by The Hivemind posted in Threat Bulletin, North Korea, Extortion, Silent Chollima, Andariel, APT 45, Stonefly, Onyx Sleet, Preft

0 Comments

Related Families: Preft

Read More

Octo2 Android Banking Trojan

Oct 7, 2024 2:06:59 PM / by The Hivemind posted in Threat Bulletin, Android, Trojan, Banking Trojan, Latrodectus, Octo, ExobotCompact

0 Comments

Related Families: Exobot, ExobotCompact, Octo
Verticals Targeted: Financial

Executive Summary

Octo2, an updated version of Octo Android banking trojan, was recently observed targeting Android users in Europe.

Read More

DragonForce Ransomware

Oct 4, 2024 1:05:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Lockbit 3.0, Conti, evolving, Emerging, DragonForce

0 Comments

Related Families: LockBit 3.0, Conti
Verticals Targeted: Business Services, Construction, Retail, Telecommunications, Manufacturing, Mining, Government, Healthcare, Transportation, Energy, Software, Education 

Executive Summary

DragonForce is a ransomware as a service (RaaS) that has significantly evolved in the past year, making it a formidable threat.

Read More

Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT

Sep 30, 2024 1:49:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Linux, MacOS, PondRAT, PoolRAT, Labyrinth Chollima

0 Comments

Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development 

Executive Summary

North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.  

Read More

Vice Society Using INC Ransomware to Target Healthcare Vertical

Sep 27, 2024 4:06:33 PM / by The Hivemind posted in Threat Bulletin, Ransomware, INC, Vice Society

0 Comments

Verticals Targeted: Healthcare

Executive Summary

Vice Society was recently observed using INC ransomware to target entities in the healthcare sector.

Read More

Ajina Android Malware

Sep 23, 2024 2:03:45 PM / by The Hivemind posted in Threat Bulletin, Android, Banker, Ajina

0 Comments

Verticals Targeted: Financial 

Executive Summary

Ajina is an Android banking malware that masquerades as legitimate Android apps in order to steal banking information and intercept 2FA.

Read More

Cicada3301 Ransomware

Sep 20, 2024 11:04:36 AM / by The Hivemind posted in Threat Bulletin, Ransomware, BlackCat, ALPHV, Cicada3301

0 Comments

Related Families: ALPHV/BlackCat
Verticals Targeted: Construction, IT, Legal Services, Retail, Healthcare, Transportation, Telecommunications, Hospitality, Finance, Real Estate, Manufacturing

Executive Summary

Cicada3301 is a new ransomware as a service (RaaS) that uses sophisticated TTPs to target vulnerabilities within network infrastructures to deploy its ransomware attacks.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts