The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

TheWizards Use Spellbinder to Conjure Lateral Movement

Triada Android Trojan

ResolverRAT Targets Healthcare Sector

Mustang Panda Emerges With New TTPs

Cozy Bear Uses GRAPELOADER in Recent Phishing Campaign

BPFDoor Campaign Targets Asia and Middle East

GIFTEDCROOK Stealer Targets Ukraine

CoffeeLoader

Crocodilus Android Banking Trojan

Primitive Bear Using LNK Files to Deploy Remcos Backdoor Against Ukrainian Targets

VanHelsing Ransomware

RansomHub Affiliate Uses Custom Betruger Backdoor

StilachiRAT

Ricochet Chollima Using KoSpy Android Spyware

Sidewinder Using New Tools to Target Maritime and Nuclear Sectors

Lotus Panda Uses Sagerunex to Target Multiple Verticals

Ransomware Attacks Ramping Up in the Middle East

The Bybit Hack: How the $1.5B Windfall Could Fuel a Surge in Cybercrime

Silver Fox Targeting Medical Devices

Wicked Panda’s RevivalStone Campaign Targets Manufacturing Entities in Japan

Ghost (Cring) Ransomware

FrigidStealer MacOS Stealer

SystemBC Now Targeting Linux

Chinese Threat Actors Using BadIIS to Manipulate SEO

Evasive Panda Uses SSH Backdoor to Target Network Devices

Coyote Banking Trojan

Lynx Ransomware

MintsLoader Delivering StealC and BOINC

AIRASHI Botnet

Medusa Ransomware

FunkSec Ransomware

Banshee MacOS Stealer

"FakePOC" Infostealer Masquerading as LDAPNightmare PoC Exploit

FireScam Android Malware

2024 Recap - Malware Hall of Fame

2024 Recap - Russian Threat Actor Activity

2024 Recap - Iranian Threat Actor Activity

2024 Recap - North Korean Threat Actor Activity

Black Basta Evolves

Salt Typhoon Targets Telecoms With GhostSpider

BabbleLoader

HellDown Ransomware Linux Variant

PXA Stealer

Ymir Ransomware

HellCat Ransomware Targets Energy Giant Schneider Electric

ToxicPanda Android Banking Trojan

NotLockBit Ransomware Targets MacOS

FASTCash Linux Variant

The Evolution of Akira Ransomware

An Inside Look at NCT’s Role in Advancing Cybersecurity

BumbleBee Returns With New Infection Chain

GorillaBot

BrainCipher Ransomware

Trinity Ransomware

Perfectl Linux Malware

Silent Chollima Extortion Activity Targets US Entities

Octo2 Android Banking Trojan

DragonForce Ransomware

Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT

Vice Society Using INC Ransomware to Target Healthcare Vertical

Ajina Android Malware

Cicada3301 Ransomware

New Lumma C2 Variant Leverages PowerShell

HZ Rat MacOS Variant

Voldemort

RansomHub

Cthulhu MacOS Stealer

DevPopper Campaign Targets Software Developers

APT42 Targets US Presidential Campaigns and Israel in Phishing Campaign

Recent Ransomware Attacks on the Healthcare Vertical

BlackSuit Confirmed as Royal Ransomware Rebrand

BitSloth

Mandrake Android Spyware

Silent Chollima's Espionage Activity

Evasive Panda Updates Its Arsenal

Play Ransomware Linux Variant Discovered

MuddyWater Using New Backdoor to Target Middle East

Eldorado Ransomware

New CapraRAT Activity

GhostLocker Ransomware

New Medusa Android Banking Trojan Variant Discovered

FickleStealer

BadSpace Backdoor

DISGOMOJI Linux RAT Controlled Via Discord Emojis

PolySwarm.AI: Rewarding the Community for Eradicating Invasive Phish

Cosmic Leopard Activity Targets Windows, MacOS, & Android

RansomHub

TargetCompany Ransomware Linux Variant

New North Korean Threat Actor Group Moonstone Sleet

BloodAlchemy Targeted Government Entities in Asia

Venomous Bear’s Lunar Toolset

Velvet Chollima Using Gomir Linux Backdoor

Ebury Compromised 400K Linux Servers

Black Basta Targeting Critical Infrastructure

Cuckoo: Part Infostealer, Part Spyware

Cuttlefish Targeting SOHO Routers

Brokewell Android Banking Trojan

CoralRaider's Stealer Spree

VooDoo Bear's Kapeka Backdoor Targets Critical Infrastructure

Cerber Ransomware Linux Variant Exploiting CVE-2023-22518

Operation MidnightEclipse Leverages CVE-2024-3400

DarkGate

Latrodectus

INC Ransomware

Vultur Android Malware

StrelaStealer Campaign Targeted US and EU

AcidPour Wiper Targets Linux x86 Devices

BunnyLoader 3.0

Evasive Panda's Nightdoor Backdoor

RA World Ransomware Targets Healthcare Entities

Phobos Targeting Critical Infrastructure

KrustyLoader Backdoor

Rhadamanthys Targeting ONG Sector

Ensuring a Secure Workforce: Vital Security Measures for Corporations

A Brief History of LockBit

Mustang Panda Used DOPLUGS PlugX Variant to Target Asia

RustDoor MacOS Backdoor

ALPHV Targeting ONG, Critical Infrastructure Entities

Strengthen Your Online Security: The Power of Two-Factor Authentication

VajraSpy Android Spyware

PurpleFox Botnet Targeting Entities in Ukraine

Faust Ransomware

New Zloader Variant Discovered

Cactus Ransomware

ColdRiver Using Spica Backdoor

Androxgh0st

Volt Typhoon's KV-Botnet

SpectralBlur MacOS Backdoor

Xamalicious Android Backdoor

Fancy Bear Campaign Leverages New Malware

PolySwarm's 2024 Malware to Watch

2023 Recap - Cyber Threats to the Energy Vertical

2023 Recap - Malware Trends and Observations

2023 Recap - Malware Hall of Fame

2023 Recap - Threat Actor Activity Highlights - North Korea

2023 Recap - Cyber Activity in the Gaza Conflict

2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict

Kinsing Exploiting CVE-2023-46604

LummaC2

Rhysida On The Rampage

C3RB3R Exploiting CVE-2023-22518

SecuriDropper Android Malware

New MOVEit Activity

BiBi-Linux Wiper

MOIS Affiliated Threat Actor Using Liontail Framework

XWorm

Stayin Alive Campaign Targets Telecoms and Government Entities in Asia

Akira Ransomware

Qakbot Threat Actors Distributing Ransom Knight And Remcos

Mirai IZ1H9

AresLoader

BunnyLoader

Stealth Falcon's Deadglyph Backdoor

New BBTok Variant

ShroudedSnooper Targeting Telecommunications in the Middle East

Earth Lusca's SprySOCKS Linux Backdoor

ALPHV Hacks MGM Grand

Charming Kitten Using Sponsor Backdoor

Mallox Ransomware

BadBazaar Spyware Variants Delivered Via Trojanized Android Apps

Carderbee Targets Hong Kong in Supply Chain Attack

UNC4841 Targeting Government Entities with Barracuda ESG 0day

New XLoader Variant Disguised as Signed App

Go-Based Proxy Targets Windows and Mac Systems

Cuba Ransomware Used Veeam Vulnerability (CVE-2023-27532)

Monti Ransomware Linux Variant

DroxiDat Targets African Power Company

Rhysida and LockBit Observed Targeting the Healthcare Vertical

Ransomware Threats to the Healthcare Vertical

Realst MacOS Infostealer

SpyNote Targets Utility Company Customers

Wicked Panda Using WyrmSpy and DragonEgg Android Spyware

The Evolution of BPFDoor

Fin8 Using Sardonic Backdoor

PicassoLoader

Vixen Panda's Graphican Backdoor

CVE-2022-31199 Used in Truebot Attacks

Anatsa Android Banking Trojan

Condi DDoS Botnet

DcRAT Distributed Via Adult Content Themed Lures

Cadet Blizzard

Asylum Ambuscade

Cl0p Reportedly Using MOVEit 0day (CVE-2023-34362)

BlackSuit Ransomware

CosmicEnergy

Volt Typhoon Targets US Critical Infrastructure

AhRAT

BlackByte NT

Geacon - Cobalt Strike for MacOS

RedStinger Targets Critical Infrastructure

Winnti Subgroup Earth Longzhi Uses New TTPs

Reaper Uses New TTPs to Drop RokRAT

BlueNoroff's RustBucket MacOS Malware

PingPull Linux Variant

Tomiris Targets Central Asia in Espionage Campaign

Mint Sandstorm Targets US Critical Infrastructure

Goldoson Android Adware

LockBit MacOS Variant

Iranian Threat Actors Target Hybrid Environment

Rorschach Ransomware

All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More