The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Hivemind

Find me on:

Recent Posts

SantaStealer

Dec 23, 2025 12:13:07 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Malware-As-A-Service, Emerging Threat, Windows Malware, credential theft, information stealer, C language malware, SantaStealer

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: BluelineStealer, ChromElevator

Read More

Multiple Threat Actors Leveraging CVE-2025-55182 (React2Shell)

Dec 19, 2025 1:24:26 PM / by The Hivemind posted in Threat Bulletin, Linux backdoor, post-exploitation activity, CVE-2025-55182, React RCE, Next.js vulnerability, KSwapDoor backdoor, Cobalt Strike Linux, EtherRAT

0 Comments

Verticals Targeted: Technology
Regions Targeted: Unspecified
Related Families: KSwapDoor, EtherRAT, Noodle RAT, SNOWLIGHT, VShell, Cobalt Strike, XMRig, Mirai, Others

Read More

MuddyWater's UDPGangster Backdoor

Dec 15, 2025 2:04:50 PM / by The Hivemind posted in Threat Bulletin, anti-analysis techniques, Phishing Campaigns, cyber espionage, VBA macros, UDPGangster, UDP backdoor

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Turkey, Israel, Azerbaijan
Related Families: Phoenix

Read More

A New Variant of ClayRAT Transmutes

Dec 12, 2025 2:03:27 PM / by The Hivemind posted in Threat Bulletin, accessibility service abuse, lockscreen bypass, ClayRAT, Android Spyware, MediaProjection API, screen recording malware

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Russia
Related Families: Previous ClayRAT variants

Executive Summary

The ClayRAT Android spyware family has returned with a markedly more sophisticated variant that heavily weaponizes Android Accessibility Services and Default SMS privileges to achieve near-complete device takeover. New capabilities include automated lock-screen credential theft, persistent screen recording, programmable overlays, and interactive fake notifications designed to phish user replies.

Read More

Albiriox Android Malware

Dec 8, 2025 1:43:05 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, on-device fraud, overlay attacks, Android banking trojan, MaaS Malware, Mobile RAT, Android Overlay Attacks, Golden Crypt, Albiriox, Russian-speaking Threat Actors

0 Comments

Verticals Targeted: Financial, Cryptocurrency
Regions Targeted: Austria, Global
Related Families: None

Read More

APT24’s BadAudio

Dec 5, 2025 2:11:03 PM / by The Hivemind posted in Threat Bulletin, Phishing Campaigns, Pitty Panda, BadAudio, PRC cyber espionage, APT24, supply chain compromise, strategic web compromise, Cobalt Strike Beacon

0 Comments

Verticals Targeted: Digital Marketing, Industrial Sectors, Recreational Goods, Animal Rescue Organizations
Regions Targeted: Taiwan
Related Families: Cobalt Strike

Read More

DigitStealer MacOS Infostealer

Dec 1, 2025 1:47:01 PM / by The Hivemind posted in Threat Bulletin, cryptocurrency stealers, DigitStealer, Ledger Live tampering, macOS security bypass, LaunchAgent persistence, anti-VM checks, macOS infostealer, JXA malware, Apple Silicon evasion

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None

Executive Summary

DigitStealer is a highly evasive macOS information stealer that executes almost entirely in memory, leverages JavaScript for Automation (JXA) and AppleScript, and employs novel hardware-based anti-analysis checks targeting Apple Silicon M2 and newer devices. The campaign demonstrates increasing adversary sophistication through multi-stage payload delivery and abuse of legitimate infrastructure.

Read More

Lazarus Group's ScoringMathTea RAT

Nov 24, 2025 1:55:16 PM / by The Hivemind posted in Threat Bulletin, Reflective DLL Injection, Gotta Fly campaign, Lazarus APT, ScoringMathTea, Operation DreamJob, North Korea Cyberespionage, API Hashing, TEA encryption

0 Comments

Verticals Targeted: Aerospace, Defense
Regions Targeted: Entities providing UAV technology to Ukraine  
Related Families: None

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More