The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Ebury Compromised 400K Linux Servers

Black Basta Targeting Critical Infrastructure

Cuckoo: Part Infostealer, Part Spyware

Cuttlefish Targeting SOHO Routers

Brokewell Android Banking Trojan

CoralRaider's Stealer Spree

VooDoo Bear's Kapeka Backdoor Targets Critical Infrastructure

Cerber Ransomware Linux Variant Exploiting CVE-2023-22518

Operation MidnightEclipse Leverages CVE-2024-3400



INC Ransomware

Vultur Android Malware

StrelaStealer Campaign Targeted US and EU

AcidPour Wiper Targets Linux x86 Devices

BunnyLoader 3.0

Evasive Panda's Nightdoor Backdoor

RA World Ransomware Targets Healthcare Entities

Phobos Targeting Critical Infrastructure

KrustyLoader Backdoor

Rhadamanthys Targeting ONG Sector

Ensuring a Secure Workforce: Vital Security Measures for Corporations

A Brief History of LockBit

Mustang Panda Used DOPLUGS PlugX Variant to Target Asia

RustDoor MacOS Backdoor

ALPHV Targeting ONG, Critical Infrastructure Entities

Strengthen Your Online Security: The Power of Two-Factor Authentication

VajraSpy Android Spyware

PurpleFox Botnet Targeting Entities in Ukraine

Faust Ransomware

New Zloader Variant Discovered

Cactus Ransomware

ColdRiver Using Spica Backdoor


Volt Typhoon's KV-Botnet

SpectralBlur MacOS Backdoor

Xamalicious Android Backdoor

Fancy Bear Campaign Leverages New Malware

PolySwarm's 2024 Malware to Watch

2023 Recap - Cyber Threats to the Energy Vertical

2023 Recap - Malware Trends and Observations

2023 Recap - Malware Hall of Fame

2023 Recap - Threat Actor Activity Highlights - North Korea

2023 Recap - Cyber Activity in the Gaza Conflict

2023 Recap - Cyberwar and Hacktivism in the Russia-Ukraine Conflict

Kinsing Exploiting CVE-2023-46604


Rhysida On The Rampage

C3RB3R Exploiting CVE-2023-22518

SecuriDropper Android Malware

New MOVEit Activity

BiBi-Linux Wiper

MOIS Affiliated Threat Actor Using Liontail Framework


Stayin Alive Campaign Targets Telecoms and Government Entities in Asia

Akira Ransomware

Qakbot Threat Actors Distributing Ransom Knight And Remcos

Mirai IZ1H9



Stealth Falcon's Deadglyph Backdoor

New BBTok Variant

ShroudedSnooper Targeting Telecommunications in the Middle East

Earth Lusca's SprySOCKS Linux Backdoor

ALPHV Hacks MGM Grand

Charming Kitten Using Sponsor Backdoor

Mallox Ransomware

BadBazaar Spyware Variants Delivered Via Trojanized Android Apps

Carderbee Targets Hong Kong in Supply Chain Attack

UNC4841 Targeting Government Entities with Barracuda ESG 0day

New XLoader Variant Disguised as Signed App

Go-Based Proxy Targets Windows and Mac Systems

Cuba Ransomware Used Veeam Vulnerability (CVE-2023-27532)

Monti Ransomware Linux Variant

DroxiDat Targets African Power Company

Rhysida and LockBit Observed Targeting the Healthcare Vertical

Ransomware Threats to the Healthcare Vertical

Realst MacOS Infostealer

SpyNote Targets Utility Company Customers

Wicked Panda Using WyrmSpy and DragonEgg Android Spyware

The Evolution of BPFDoor

Fin8 Using Sardonic Backdoor


Vixen Panda's Graphican Backdoor

CVE-2022-31199 Used in Truebot Attacks

Anatsa Android Banking Trojan

Condi DDoS Botnet

DcRAT Distributed Via Adult Content Themed Lures

Cadet Blizzard

Asylum Ambuscade

Cl0p Reportedly Using MOVEit 0day (CVE-2023-34362)

BlackSuit Ransomware


Volt Typhoon Targets US Critical Infrastructure


BlackByte NT

Geacon - Cobalt Strike for MacOS

RedStinger Targets Critical Infrastructure

Winnti Subgroup Earth Longzhi Uses New TTPs

Reaper Uses New TTPs to Drop RokRAT

BlueNoroff's RustBucket MacOS Malware

PingPull Linux Variant

Tomiris Targets Central Asia in Espionage Campaign

Mint Sandstorm Targets US Critical Infrastructure

Goldoson Android Adware

LockBit MacOS Variant

Iranian Threat Actors Target Hybrid Environment

Rorschach Ransomware

Bitter APT Campaign Targets Energy Sector

MacStealer Targeting MacOS Devices

Nexus Android Banking Trojan

Trigonia Ransomware

CatB Ransomware

YoroTrooper Targeting Energy & Government Entities

Cyberstance promoted to Arbiter in the PolySwarm Marketplace

Exfiltrator-22 Framework

IceFire Ransomware Linux Variant

SysUpdate Linux Variant

BlackLotus UEFI Bootkit

Parallax RAT Targeting Crypto

Royal Ransomware Linux Variant

Cl0p Linux Variant

MortalKombat Ransomware Used in Recent Campaign

ESXiArgs Ransomware

Pro-Palestine Group Targets Israeli Chemical Sector

Emotet’s New TTPs

Mimic Ransomware

Roaming Mantis Wroba.o Android Malware

Hook Android Banking Trojan

Malicious Lolip0p PyPI Packages Drop Wacatac

Fake Cracked Software Sites Delivering Stealers

Recent Turla Activity Targeting Ukraine

Consulate Health Ransomware attack

2023 Malware to Watch

PolySwarm's 2023 Analyst Predictions

Godfather Android Banking Trojan

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Russia

PolySwarm 2022 Recap - Threat Actor Activity Highlights: China

PolySwarm 2022 Recap - Threat Actor Activity Highlights: North Korea

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Iran

PolySwarm 2022 Recap - War of the Wipers

PolySwarm 2022 Recap - Threats to the Gaming Industry

2022 Recap - Mobile Malware Threat Landscape

W4SP Infostealer

Royal Ransomware

Malware Leverages CAPTCHA to Bypass Browser Warning

Phishing and Android Malware Campaign Targets Indian Banks

Azov Ransomware Built to Wipe Data

Recent Threats to the Healthcare Vertical

Android Droppers on Google Play Store Distribute Banking Trojans

Winnti Targets Hong Kong With Spyder Loader

Prestige Ransomware

SideWinder WarHawk Backdoor

Cyber Threats to Aviation and Aerospace

Earth Aughisky's Malware Arsenal

Emotet Observed Using New TTPs

RatMilad Android Spyware

Harly Android Trojan Subscriber

North Korean Threat Actors Living Off the Land

NullMixer Drops Multiple Malware Families

SideWalk Linux Variant

Deadbolt Ransomware

BianLian Ransomware

New Armageddon Activity Targets Ukraine

Kimsuky GoldDragon C2 Cluster

Shikitega Linux Malware

DarkAngels Linux Ransomware

Charming Kitten Hyperscrape Tool

Agenda Ransomware

Lightning Framework


Bumblebee Loader

RapperBot Targets IoT

Mars Stealer Malware Targeting Crypto

Woody RAT Targets Russia

Manjusaka Framework

Luca Stealer

Lilith Ransomware

Raspberry Robin

PennyWise Infostealer Targets Crypto and Browsers

APT 29 Using Brute Ratel

Recent Ransomware Threats to Healthcare

HavanaCrypt Distributed Via Fake Google Software Update

Lockbit 3.0

New Hive Ransomware Rust Variant

SessionManager Targets Governments and NGOs

Black Basta Ransomware

Cerber2021 Targets Windows and Linux

PingPull Targets Telecom, Government, and Financial Verticals

Lyceum .NET DNS Backdoor “DnsSystem”

Symbiote Linux Malware

Pymafka Targets macOS, Windows, Linux

Enemybot IoT Malware

Follina MSDT Vulnerability (CVE-2022-30190)

PolySwarms New Hunt Functionality

New ArguePatch Variant Spotted

Cryware Targets Crypto Wallets

Space Pirates Target Russian Aerospace

BPFDoor Targets Linux Systems

Armageddon Leverages New Pterodo Variants

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts