The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Hivemind

Recent Posts

New Chaos RAT Variants Observed

Jun 16, 2025 1:57:09 PM / by The Hivemind posted in Threat Bulletin, Malware, Data Theft, Evolving Threat, Cybersecurity, Chaos RAT, Remote Administration Tool, Linux Malware, Windows Malware, Phishing Attacks, Cryptocurrency Mining

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None identified

Executive Summary

New variants of Chaos RAT, an open-source remote administration tool (RAT) first observed in 2022, have been identified. The new variants target both Windows and Linux systems through sophisticated phishing campaigns. This evolving malware deploys cryptominers, steals sensitive data, and establishes persistent control over infected devices.

Russia Targets Ukraine Critical Infrastructure With PathWiper

Jun 13, 2025 2:33:09 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, HermeticWiper, PathWiper, Wiper Malware, Ukraine Cyberattack, Russia APT, Endpoint Security, Cyber Warfare, Data Destruction, Administrative Console

Verticals Targeted: Critical infrastructure
Regions Targeted: Ukraine
Related Families: HermeticWiper (aka FoxBlade, NEARMISS)

Executive Summary

PathWiper is a new wiper malware deployed by a Russia-linked APT, targeting Ukraine’s critical infrastructure with destructive intent. The attack leveraged a legitimate endpoint administration framework, highlighting the persistent cyber threat to Ukraine amid ongoing conflict.

EDDIESTEALER

Jun 9, 2025 12:29:15 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Data Theft, social engineering, Emerging Threat, EDDIESTEALER, Rust Malware, CAPTCHA Campaign, ClickFix, PowerShell Attack, ChromeKatz, Cybersecurity

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None

Executive Summary

EDDIESTEALER is a Rust-based infostealer distributed through deceptive CAPTCHA campaigns, leveraging social engineering to steal sensitive data like credentials and cryptocurrency wallet details. Its advanced obfuscation and ChromeKatz integration highlight the growing sophistication of commodity malware.

Wicked Panda Targets Government Entities, Uses Google Calendar for C2

Jun 6, 2025 2:50:40 PM / by The Hivemind posted in Threat Bulletin, APT41, Wicked Panda, TOUGHPROGRESS malware, Google Calendar C2, Spear Phishing, Government Cyberattack, Chinese Cyber Espionage, Cloud Service Abuse, Malware Analysis, Data Exfiltration

Verticals Targeted: Government
Regions Targeted: Not specified
Related Families: VOLDEMORT, DUSTTRAP

Executive Summary

Wicked Panda, a Chinese state-sponsored threat actor, deployed TOUGHPROGRESS malware, exploiting Google Calendar for stealthy command-and-control operations targeting government entities. This campaign underscores the group’s innovative abuse of cloud services to evade detection and maintain persistent access.

PumaBot Linux Botnet Targets IoT Surveillance Devices

Jun 2, 2025 1:05:28 PM / by The Hivemind posted in IoT botnet attack, Go-based botnet, SSH brute-force malware, cryptocurrency mining botnet, Linux IoT security, PumaBot malware

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: ddaemon

Chinese Threat Actors Leverage CVE-2025-0994 to Attack US Government Networks

May 30, 2025 2:12:44 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, CVE-2025-0994, UAT-6382, TetraLoader

Verticals Targeted: Government, Utilities
Regions Targeted: US
Related Families: TetraLoader, Cobalt Strike, VShell, AntSword, chinatso/Chopper, Behinder

Nitrogen Ransomware Targets Financial Vertical

May 27, 2025 12:16:27 PM / by The Hivemind posted in Threat Bulletin, Financial, Ransomware, Emerging Threat, Nitrogen

Verticals Targeted: Finance, Construction, Manufacturing, Technology
Regions Targeted: US, UK, Canada
Related Families: Cobalt Strike, Meterpreter

Fancy Bear's SpyPress Malware

May 23, 2025 1:41:42 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, Fancy Bear, SpyPress, Operation RoundPress

Verticals Targeted: Government, Defense
Regions Targeted: Ukraine, Bulgaria, Romania, Africa, EU, South America
Related Families: None specified

Executive Summary

Operation RoundPress, a Russia-aligned cyberespionage campaign attributed to Fancy Bear, deploys SpyPress malware via cross-site scripting (XSS) vulnerabilities to steal sensitive email data from high-value webmail servers. Active since 2023 and expanding in 2024, the campaign primarily targets Ukrainian government entities and Eastern European defense contractors, exploiting zero-day and known vulnerabilities across platforms like Roundcube, Horde, MDaemon, and Zimbra.
