The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Evasive Panda Uses SSH Backdoor to Target Network Devices

Feb 10, 2025 1:56:30 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Evasive Panda, Daggerfly, ELF/Sshdinjector.A!tr

0 Comments

Executive Summary

Read More

Coyote Banking Trojan

Feb 7, 2025 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Windows, Banker, Banking Trojan, Evolving Threat, Coyote

0 Comments

Verticals Targeted: Financial 

Executive Summary

Coyote, which was first observed in early 2024, is a banking trojan that has targeted over 1030 sites and 73 financial institutions.

Read More

Lynx Ransomware

Feb 3, 2025 1:43:43 PM / by The Hivemind posted in Threat Bulletin, Ransomware, INC, Emerging Threat, Lynx

0 Comments

Related Families: INC
Verticals Targeted: Legal Services, Retail, Finance, Telecommunications, Agriculture, Manufacturing, Construction, Transportation, Healthcare, Energy

Executive Summary

Lynx ransomware is a ransomware-as-a-service (RaaS) that was first observed in July 2024. Since its debut, the ransomware has gained momentum and has continued its activity into early 2025.

Read More

MintsLoader Delivering StealC and BOINC

Jan 31, 2025 12:35:53 PM / by The Hivemind posted in Threat Bulletin, Loader, MintsLoader, BOINC, StealC

0 Comments

Verticals Targeted: Oil & Gas, Energy, Legal Services 

Executive Summary

MintsLoader, a PowerShell-based loader, was recently observed delivering StealC and BOINC.

Read More

AIRASHI Botnet

Jan 27, 2025 11:08:56 AM / by The Hivemind posted in Threat Bulletin, DDoS, Botnet, Emerging Threat, Evolving Threat, AIRASHI

0 Comments

Related Families: AISURU

Executive Summary

AIRASHI is a variant of the AISURU botnet that has been active since at least late 2024. It is in active development and has the capability to conduct large-scale DDoS attacks.

Read More

Medusa Ransomware

Jan 24, 2025 2:18:04 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Medusa

0 Comments

Verticals Targeted: Government, Insurance, Real Estate, Healthcare, Manufacturing, Legal Services, Construction, Retail, Business Services, Energy, Education, Telecommunications, Software, Hospitality, Transportation, Financial 

Executive Summary

Medusa ransomware is a RaaS that has been active since at least 2023. Medusa has claimed several victims so far in 2025, including UK’s Gateshead Council.

Read More

FunkSec Ransomware

Jan 21, 2025 2:22:27 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Emerging Threat, FunkSec

0 Comments

Verticals Targeted: Government, Business Services, Education, Insurance, Software, Media, Finance, Agriculture, Manufacturing, Construction, Healthcare, Retail

Read More

Banshee MacOS Stealer

Jan 17, 2025 2:31:03 PM / by The Hivemind posted in Threat Bulletin, Infostealer, MacOS, Banshee

0 Comments

Executive Summary

Banshee is a stealer that targets MacOS systems. The latest variant of Banshee uses a string encryption algorithm that is the same as the one used in Apple’s Xprotect antivirus engine for MacOS systems.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts