The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

BERT Ransomware

Jul 11, 2025 2:02:09 PM / by The Hivemind posted in Threat Bulletin, Europe, REvil, Healthcare, Asia, Babuk, Technology, Emerging Threat, PowerShell, Evolving Threat, Event Services, United States, BERT ransomware

0 Comments

Verticals Targeted: Healthcare, Technology
Regions Targeted: Asia, Europe, United States
Related Families: REvil, Babuk

Read More

SparkKitty Trojan Targets Mobile Users with Cross-Platform Espionage

Jul 8, 2025 12:50:14 PM / by The Hivemind posted in Threat Bulletin, Android Malware, Cryptocurrency Theft, SparkKitty, iOS malware, App Store, Southeast Asia, SparkCat, Trojan malware, photo exfiltration

0 Comments

Verticals Targeted: Cryptocurrency, Gambling, Adult Entertainment
Regions Targeted: Southeast Asia, China
Related Families: SparkCat

Executive Summary

SparkKitty, a Trojan malware targeting iOS and Android devices, infiltrates official app stores and untrusted websites to steal images from device galleries, primarily aiming to capture cryptocurrency wallet seed phrases. Active since early 2024, it poses a significant threat to users in Southeast Asia and China.

Read More

An Eye on Iran

Jul 8, 2025 12:01:19 PM / by The Hivemind posted in Charming Kitten, APT35, Wiper Malware, Iranian cyberattacks, Peach Sandstorm, CyberAv3ngers, APT33, US critical infrastructure, Israeli defense, IRGC cyber operations

0 Comments

Executive Summary

Escalating tensions following Israel’s “Operation Rising Lion” and US “Operation Midnight Hammer” can potentially trigger retaliatory cyberattacks, with IRGC-linked groups targeting US and Israeli critical infrastructure. These state-sponsored actors may deploy sophisticated malware and phishing to disrupt operations and steal intelligence, posing significant risks to global security.

Read More

Godfather Evolves With Advanced On-Device Virtualization Capabilities

Jun 30, 2025 1:56:44 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, Godfather Malware, Mobile Banking Trojan, on-device virtualization, cryptocurrency app attacks, accessibility service abuse, overlay attacks, mobile security threats, banking app hijacking

0 Comments

Verticals Targeted: Financial
Regions Targeted: Not specified
Related Families: None

Executive Summary

Industry researchers have identified an advanced evolution of the Godfather banking trojan, which employs on-device virtualization to hijack mobile banking and cryptocurrency applications on Android devices. This sophisticated technique allows attackers to monitor and control user interactions within a virtualized app environment, posing a significant threat to mobile security.

Read More

Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet

Jun 27, 2025 2:34:57 PM / by The Hivemind posted in Threat Bulletin, CVE-2025-3248, AI Server Security, Cybersecurity Threats, Trend Micro, Flodrix Botnet, Langflow Vulnerability, Remote Code Execution, DDoS Attacks, Python Malware, Botnet Mitigation

0 Comments

Verticals Targeted: AI
Regions Targeted: Not specified
Related Families: LeetHozer

Read More

Famous Chollima’s PylangGhost

Jun 23, 2025 2:25:38 PM / by The Hivemind posted in Blockchain, Threat Bulletin, North Korea, India, Malware, Python, Cryptocurrency, RAT, PylangGhost, GolangGhost, Famous Chollima

0 Comments

Verticals Targeted: Cryptocurrency
Regions Targeted: India
Related Families: GolangGhost

Executive Summary

Famous Chollima, a North Korean-aligned threat actor, has deployed PylangGhost, a Python-based remote access trojan (RAT), targeting cryptocurrency and blockchain professionals in India. This malware, a variant of the GolangGhost RAT, facilitates credential theft and remote system control via sophisticated social engineering tactics.

Read More

Crocodilus Evolves, Expands Targeting

Jun 20, 2025 12:01:52 PM / by The Hivemind posted in Threat Bulletin, Banking Trojan, Evolving Threat, Crocodilus, Android Malware, Cryptocurrency Theft, Phishing Campaign, Overlay Attack, Mobile Security, ThreatFabric

0 Comments

Verticals Targeted: Banking, E-commerce, Cryptocurrency
Regions Targeted: Turkey, Poland, Spain, Argentina, Brazil, India, Indonesia, United States
Related Families: None specified

Executive Summary

Crocodilus, an Android banking trojan first identified in March 2025, has rapidly evolved into a global threat, targeting banking and cryptocurrency users across eight countries with advanced overlay attacks and social engineering tactics. Its enhanced obfuscation and new features, such as contact list manipulation, amplify its ability to evade detection and execute fraudulent transactions.

Read More

New Chaos RAT Variants Observed

Jun 16, 2025 1:57:09 PM / by The Hivemind posted in Threat Bulletin, Malware, Data Theft, Evolving Threat, Cybersecurity, Chaos RAT, Remote Administration Tool, Linux Malware, Windows Malware, Phishing Attacks, Cryptocurrency Mining

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None identified

Executive Summary

New variants of Chaos RAT, an open-source remote administration tool (RAT) first observed in 2022, have been identified. The new variants target both Windows and Linux systems through sophisticated phishing campaigns. This evolving malware deploys cryptominers, steals sensitive data, and establishes persistent control over infected devices.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More