The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Anatsa Android Banking Trojan Targets US Banks

Jul 18, 2025 2:08:41 PM / by The Hivemind posted in Threat Bulletin, Banker, Banking Trojan, Anatsa, Android Malware, overlay attacks, Google Play Store, credential theft, North America, financial fraud, device takeover, mobile banking

0 Comments

Verticals Targeted: Financial
Regions Targeted: US, Canada
Related Families: None

Read More

NimDoor MacOS Malware

Jul 14, 2025 2:34:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Stealer, Infostealer, Cryptocurrency, social engineering, Stardust Chollima, NimDoor, AppleScript, MacOS malware, Web3, Nim, Zoom phishing

0 Comments

Verticals Targeted: Cryptocurrency
Regions Targeted: Not Specified
Related Families: None

Executive Summary

NimDoor is a sophisticated MacOS malware deployed by North Korea-linked threat actors, likely Stardust Chollima, targeting Web3 and cryptocurrency organizations. Utilizing Nim and C++ binaries, AppleScript, and social engineering via fake Zoom updates, NimDoor employs process injection, WebSocket communications, and signal-based persistence to steal sensitive data.

Read More

BERT Ransomware

Jul 11, 2025 2:02:09 PM / by The Hivemind posted in Threat Bulletin, Europe, REvil, Healthcare, Asia, Babuk, Technology, Emerging Threat, PowerShell, Evolving Threat, Event Services, United States, BERT ransomware

0 Comments

Verticals Targeted: Healthcare, Technology
Regions Targeted: Asia, Europe, United States
Related Families: REvil, Babuk

Read More

SparkKitty Trojan Targets Mobile Users with Cross-Platform Espionage

Jul 8, 2025 12:50:14 PM / by The Hivemind posted in Threat Bulletin, Android Malware, Cryptocurrency Theft, SparkKitty, iOS malware, App Store, Southeast Asia, SparkCat, Trojan malware, photo exfiltration

0 Comments

Verticals Targeted: Cryptocurrency, Gambling, Adult Entertainment
Regions Targeted: Southeast Asia, China
Related Families: SparkCat

Executive Summary

SparkKitty, a Trojan malware targeting iOS and Android devices, infiltrates official app stores and untrusted websites to steal images from device galleries, primarily aiming to capture cryptocurrency wallet seed phrases. Active since early 2024, it poses a significant threat to users in Southeast Asia and China.

Read More

An Eye on Iran

Jul 8, 2025 12:01:19 PM / by The Hivemind posted in Charming Kitten, APT35, Wiper Malware, Iranian cyberattacks, Peach Sandstorm, CyberAv3ngers, APT33, US critical infrastructure, Israeli defense, IRGC cyber operations

0 Comments

Executive Summary

Escalating tensions following Israel’s “Operation Rising Lion” and US “Operation Midnight Hammer” can potentially trigger retaliatory cyberattacks, with IRGC-linked groups targeting US and Israeli critical infrastructure. These state-sponsored actors may deploy sophisticated malware and phishing to disrupt operations and steal intelligence, posing significant risks to global security.

Read More

Godfather Evolves With Advanced On-Device Virtualization Capabilities

Jun 30, 2025 1:56:44 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, Godfather Malware, Mobile Banking Trojan, on-device virtualization, cryptocurrency app attacks, accessibility service abuse, overlay attacks, mobile security threats, banking app hijacking

0 Comments

Verticals Targeted: Financial
Regions Targeted: Not specified
Related Families: None

Executive Summary

Industry researchers have identified an advanced evolution of the Godfather banking trojan, which employs on-device virtualization to hijack mobile banking and cryptocurrency applications on Android devices. This sophisticated technique allows attackers to monitor and control user interactions within a virtualized app environment, posing a significant threat to mobile security.

Read More

Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet

Jun 27, 2025 2:34:57 PM / by The Hivemind posted in Threat Bulletin, CVE-2025-3248, AI Server Security, Cybersecurity Threats, Trend Micro, Flodrix Botnet, Langflow Vulnerability, Remote Code Execution, DDoS Attacks, Python Malware, Botnet Mitigation

0 Comments

Verticals Targeted: AI
Regions Targeted: Not specified
Related Families: LeetHozer

Read More

Famous Chollima’s PylangGhost

Jun 23, 2025 2:25:38 PM / by The Hivemind posted in Blockchain, Threat Bulletin, North Korea, India, Malware, Python, Cryptocurrency, RAT, PylangGhost, GolangGhost, Famous Chollima

0 Comments

Verticals Targeted: Cryptocurrency
Regions Targeted: India
Related Families: GolangGhost

Executive Summary

Famous Chollima, a North Korean-aligned threat actor, has deployed PylangGhost, a Python-based remote access trojan (RAT), targeting cryptocurrency and blockchain professionals in India. This malware, a variant of the GolangGhost RAT, facilitates credential theft and remote system control via sophisticated social engineering tactics.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More