The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

2024 Recap - Russian Threat Actor Activity

2024 Recap - Iranian Threat Actor Activity

2024 Recap - North Korean Threat Actor Activity

Black Basta Evolves

Salt Typhoon Targets Telecoms With GhostSpider

BabbleLoader

HellDown Ransomware Linux Variant

PXA Stealer

Ymir Ransomware

HellCat Ransomware Targets Energy Giant Schneider Electric

ToxicPanda Android Banking Trojan

NotLockBit Ransomware Targets MacOS

FASTCash Linux Variant

The Evolution of Akira Ransomware

An Inside Look at NCT’s Role in Advancing Cybersecurity

BumbleBee Returns With New Infection Chain

GorillaBot

BrainCipher Ransomware

Trinity Ransomware

Perfectl Linux Malware

Silent Chollima Extortion Activity Targets US Entities

Octo2 Android Banking Trojan

DragonForce Ransomware

Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT

Vice Society Using INC Ransomware to Target Healthcare Vertical

Ajina Android Malware

Cicada3301 Ransomware

New Lumma C2 Variant Leverages PowerShell

HZ Rat MacOS Variant

Voldemort

RansomHub

Cthulhu MacOS Stealer

DevPopper Campaign Targets Software Developers

APT42 Targets US Presidential Campaigns and Israel in Phishing Campaign

Recent Ransomware Attacks on the Healthcare Vertical

BlackSuit Confirmed as Royal Ransomware Rebrand

BitSloth

Mandrake Android Spyware

Silent Chollima's Espionage Activity

Evasive Panda Updates Its Arsenal

Play Ransomware Linux Variant Discovered

MuddyWater Using New Backdoor to Target Middle East

Eldorado Ransomware

New CapraRAT Activity

GhostLocker Ransomware

New Medusa Android Banking Trojan Variant Discovered

FickleStealer

BadSpace Backdoor

DISGOMOJI Linux RAT Controlled Via Discord Emojis

PolySwarm.AI: Rewarding the Community for Eradicating Invasive Phish

Cosmic Leopard Activity Targets Windows, MacOS, & Android

RansomHub

TargetCompany Ransomware Linux Variant

New North Korean Threat Actor Group Moonstone Sleet

BloodAlchemy Targeted Government Entities in Asia

Venomous Bear’s Lunar Toolset

Velvet Chollima Using Gomir Linux Backdoor

Ebury Compromised 400K Linux Servers

Black Basta Targeting Critical Infrastructure

Cuckoo: Part Infostealer, Part Spyware

Cuttlefish Targeting SOHO Routers

Brokewell Android Banking Trojan

CoralRaider's Stealer Spree

VooDoo Bear's Kapeka Backdoor Targets Critical Infrastructure

Cerber Ransomware Linux Variant Exploiting CVE-2023-22518

Operation MidnightEclipse Leverages CVE-2024-3400

DarkGate

Latrodectus

INC Ransomware

Vultur Android Malware

StrelaStealer Campaign Targeted US and EU

AcidPour Wiper Targets Linux x86 Devices

BunnyLoader 3.0

Evasive Panda's Nightdoor Backdoor

RA World Ransomware Targets Healthcare Entities

Phobos Targeting Critical Infrastructure

KrustyLoader Backdoor

Rhadamanthys Targeting ONG Sector

Ensuring a Secure Workforce: Vital Security Measures for Corporations

A Brief History of LockBit

Mustang Panda Used DOPLUGS PlugX Variant to Target Asia

RustDoor MacOS Backdoor

ALPHV Targeting ONG, Critical Infrastructure Entities

Strengthen Your Online Security: The Power of Two-Factor Authentication

VajraSpy Android Spyware

PurpleFox Botnet Targeting Entities in Ukraine

Faust Ransomware

New Zloader Variant Discovered

Cactus Ransomware

ColdRiver Using Spica Backdoor

Androxgh0st

Volt Typhoon's KV-Botnet

SpectralBlur MacOS Backdoor

Xamalicious Android Backdoor

Fancy Bear Campaign Leverages New Malware

PolySwarm's 2024 Malware to Watch

2023 Recap - Cyber Threats to the Energy Vertical

2023 Recap - Malware Trends and Observations

2023 Recap - Malware Hall of Fame

2023 Recap - Threat Actor Activity Highlights - North Korea

2023 Recap - Cyber Activity in the Gaza Conflict

2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict

Kinsing Exploiting CVE-2023-46604

LummaC2

Rhysida On The Rampage

C3RB3R Exploiting CVE-2023-22518

SecuriDropper Android Malware

New MOVEit Activity

BiBi-Linux Wiper

MOIS Affiliated Threat Actor Using Liontail Framework

XWorm

Stayin Alive Campaign Targets Telecoms and Government Entities in Asia

Akira Ransomware

Qakbot Threat Actors Distributing Ransom Knight And Remcos

Mirai IZ1H9

AresLoader

BunnyLoader

Stealth Falcon's Deadglyph Backdoor

New BBTok Variant

ShroudedSnooper Targeting Telecommunications in the Middle East

Earth Lusca's SprySOCKS Linux Backdoor

ALPHV Hacks MGM Grand

Charming Kitten Using Sponsor Backdoor

Mallox Ransomware

BadBazaar Spyware Variants Delivered Via Trojanized Android Apps

Carderbee Targets Hong Kong in Supply Chain Attack

UNC4841 Targeting Government Entities with Barracuda ESG 0day

New XLoader Variant Disguised as Signed App

Go-Based Proxy Targets Windows and Mac Systems

Cuba Ransomware Used Veeam Vulnerability (CVE-2023-27532)

Monti Ransomware Linux Variant

DroxiDat Targets African Power Company

Rhysida and LockBit Observed Targeting the Healthcare Vertical

Ransomware Threats to the Healthcare Vertical

Realst MacOS Infostealer

SpyNote Targets Utility Company Customers

Wicked Panda Using WyrmSpy and DragonEgg Android Spyware

The Evolution of BPFDoor

Fin8 Using Sardonic Backdoor

PicassoLoader

Vixen Panda's Graphican Backdoor

CVE-2022-31199 Used in Truebot Attacks

Anatsa Android Banking Trojan

Condi DDoS Botnet

DcRAT Distributed Via Adult Content Themed Lures

Cadet Blizzard

Asylum Ambuscade

Cl0p Reportedly Using MOVEit 0day (CVE-2023-34362)

BlackSuit Ransomware

CosmicEnergy

Volt Typhoon Targets US Critical Infrastructure

AhRAT

BlackByte NT

Geacon - Cobalt Strike for MacOS

RedStinger Targets Critical Infrastructure

Winnti Subgroup Earth Longzhi Uses New TTPs

Reaper Uses New TTPs to Drop RokRAT

BlueNoroff's RustBucket MacOS Malware

PingPull Linux Variant

Tomiris Targets Central Asia in Espionage Campaign

Mint Sandstorm Targets US Critical Infrastructure

Goldoson Android Adware

LockBit MacOS Variant

Iranian Threat Actors Target Hybrid Environment

Rorschach Ransomware

Bitter APT Campaign Targets Energy Sector

MacStealer Targeting MacOS Devices

Nexus Android Banking Trojan

Trigonia Ransomware

CatB Ransomware

YoroTrooper Targeting Energy & Government Entities

Cyberstanc promoted to Arbiter in the PolySwarm Marketplace

Exfiltrator-22 Framework

IceFire Ransomware Linux Variant

SysUpdate Linux Variant

BlackLotus UEFI Bootkit

Parallax RAT Targeting Crypto

Royal Ransomware Linux Variant

Cl0p Linux Variant

MortalKombat Ransomware Used in Recent Campaign

ESXiArgs Ransomware

Pro-Palestine Group Targets Israeli Chemical Sector

Emotet’s New TTPs

Mimic Ransomware

Roaming Mantis Wroba.o Android Malware

Hook Android Banking Trojan

Malicious Lolip0p PyPI Packages Drop Wacatac

Fake Cracked Software Sites Delivering Stealers

Recent Turla Activity Targeting Ukraine

Consulate Health Ransomware attack

2023 Malware to Watch

PolySwarm's 2023 Analyst Predictions

Godfather Android Banking Trojan

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Russia

PolySwarm 2022 Recap - Threat Actor Activity Highlights: China

PolySwarm 2022 Recap - Threat Actor Activity Highlights: North Korea

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Iran

PolySwarm 2022 Recap - War of the Wipers

PolySwarm 2022 Recap - Threats to the Gaming Industry

2022 Recap - Mobile Malware Threat Landscape

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts