Verticals Targeted: None specified
Regions Targeted: None specified
Related Families: None
SOLYXIMMORTAL: A Python-Based Infostealer
Jan 23, 2026 1:25:13 PM / by The Hivemind posted in Threat Bulletin, credential theft, information stealer, keylogger, Python stealer, Discord C2, SolyxImmortal, screenshot capture
VoidLink: An Emerging Cloud-Focused Linux Malware Framework
Jan 20, 2026 1:03:14 PM / by The Hivemind posted in Threat Bulletin, C2 framework, Linux malware framework, cloud-native malware, Zig programming language, Linux rootkit, adaptive stealth, VoidLink malware, Chinese threat actors, container escape
Verticals Targeted: None confirmed
Regions Targeted: None confirmed
Related Families: None
Executive Summary
VoidLink is an advanced, modular Linux malware framework apparently developed by China-affiliated actors, focused on cloud and container environments for stealthy, persistent access. Designed as a comprehensive post-exploitation tool with adaptive evasion and a plugin-based architecture, it remains in active development, with no real-world deployments observed to date.
RustyWater: Muddy Water’s Rust-Based Implant
Jan 16, 2026 1:42:59 PM / by The Hivemind posted in Threat Bulletin, APT, Muddy Water, Spear Phishing, Rust Malware, Middle East targeting, RustyWater, RUSTRIC, Rust implant, Archer RAT
Verticals Targeted: Diplomatic, Maritime, Financial, Telecom
Regions Targeted: Middle East
Related Families: Archer RAT / RUSTRIC
Executive Summary
A spear-phishing campaign linked to the Muddy Water APT group was observed deploying a new Rust-based implant called RustyWater against organizations in the Middle East. This evolution from legacy PowerShell and VBS tooling introduces enhanced modularity, anti-analysis features, and asynchronous command-and-control capabilities.
Transparent Tribe Evolves Tradecraft With Multi-Stage LNK Malware
Jan 12, 2026 1:55:19 PM / by The Hivemind posted in Threat Bulletin, APT36, Spear Phishing, Remote Access Trojan, cyber espionage, LNK Malware
Verticals Targeted: Government, Academia
Regions Targeted: India
Related Families: None
Executive Summary
APT36, also known as Transparent Tribe, a Pakistan-aligned threat actor, has launched a targeted cyber espionage campaign against Indian governmental, academic, and strategic entities using sophisticated deception techniques. The operation delivers a multi-stage Remote Access Trojan (RAT) through a weaponized LNK file disguised as a PDF, enabling persistent access, surveillance, and data exfiltration with minimal risk of detection.
Kimwolf Botnet Targeting Android TV Devices Worldwide
Jan 9, 2026 9:46:08 AM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, DDoS Attacks, Kimwolf botnet, IoT vulnerabilities, Aisuru variant
Verticals Targeted: Consumer Electronics, Residential Networks
Regions Targeted: Brazil, India, United States, Vietnam, Saudi Arabia, Russia, Argentina, South Africa, Philippines, Mexico, Thailand, Indonesia, Morocco, Turkey, Iraq, Pakistan, China
Related Families: Aisuru
Executive Summary
Security researchers have detailed the Kimwolf botnet, a massive Android-based network exceeding 1.8 million infected devices, primarily TV boxes, enabling DDoS attacks, proxy services, and other malicious activities through exploitation of residential proxy networks and device vulnerabilities. This threat demonstrates rapid growth and resilience, leveraging advanced evasion techniques to maintain control and monetize infections.
PolySwarm’s 2025 Year in Review
Jan 5, 2026 1:04:00 PM / by The Hivemind posted in Threat Bulletin, RedLine Stealer, Akira Ransomware, AsyncRAT trojan, VShell backdoor, 2025 malware trends, ransomware 2025, Cl0p ransomware, Qilin ransomware, SocGholish downloader, LummaStealer infostealer
Verticals Targeted: Multiple
Regions Targeted: Multiple
Related Families: Cl0p, Qilin, SocGholish, Akira, AsyncRAT, LummaStealer, RedLineStealer, VShell
Executive Summary
PolySwarm's 2025 Year in Review spotlights resilient malware that dominated the threat landscape and nation-state espionage from the Big Four. React2Shell (CVE-2025-55182) emerged as the top vulnerability, while AI-driven attacks defined the year's paradigm shift.
RansomHouse Upgrades Its Encryption
Dec 29, 2025 12:26:13 PM / by The Hivemind posted in Threat Bulletin, double extortion, Mario Encryptor, MrAgent Tool, VMware hypervisor, RansomHouse Ransomware, ESXi Targeting, ransomware upgrade, encryption evolution
Verticals Targeted: Healthcare, Finance, Transportation, Government
Regions Targeted: Not specified
Related Families: MrAgent, Mario
SantaStealer
Dec 23, 2025 12:13:07 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Malware-As-A-Service, Emerging Threat, Windows Malware, credential theft, information stealer, C language malware, SantaStealer
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: BluelineStealer, ChromElevator