The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Hivemind

Recent Posts

Salt Typhoon Targets Telecoms With GhostSpider

Dec 6, 2024 1:33:32 PM / by The Hivemind posted in Threat Bulletin, APT, China, Emerging Threat, Salt Typhoon, GhostSpider

Related Families: Demodex
Verticals Targeted: Telecommunications 

Executive Summary

Salt Typhoon, a China-nexus APT group, was recently observed using the GhostSpider backdoor to target telecommunications companies.

BabbleLoader

Nov 29, 2024 12:54:44 PM / by The Hivemind posted in Threat Bulletin, Loader, BabbleLoader, Meduza, WhiteSnake, Donut Loader

Related Families: WhiteSnake, Meduza
Verticals Targeted: Finance, Business Administration

Executive Summary

BabbleLoader is a new stealthy, metamorphic loader that was recently observed delivering stealers, including WhiteSnake and Meduza.

HellDown Ransomware Linux Variant

Nov 25, 2024 1:39:46 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Emerging Threat, ESXi, HellDown

PXA Stealer

Nov 22, 2024 1:54:18 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, PXA Stealer, Vietnam

Verticals Targeted: Government, Education 

Executive Summary

PXA Stealer was used in an information-stealing campaign targeting entities in the government and education sectors, located in Europe and Asia.

Ymir Ransomware

Nov 18, 2024 2:19:58 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Extortion, RustyStealer, Ymir

Related Families: RustyStealer

Executive Summary

Ymir is a new ransomware family that was recently observed encrypting systems previously compromised by RustyStealer. PolySwarm analysts consider Ymir to be an emerging threat.

HellCat Ransomware Targets Energy Giant Schneider Electric

Nov 15, 2024 12:52:13 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Emerging Threat, Evolving Threat

Related Families: HellDown
Verticals Targeted: Energy

Executive Summary

HellCat ransomware recently targeted French energy giant Schneider Electric. PolySwarm analysts consider HellCat to be an emerging threat.

ToxicPanda Android Banking Trojan

Nov 12, 2024 12:41:07 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banker, Banking Trojan, ToxicPanda, TgToxic

Related Families: TgToxic
Verticals Targeted: Financial 

Executive Summary

ToxicPanda is an Android banking trojan that was first seen in the wild in October 2024. It allows threat actors to steal a victim’s money via account takeover (ATO) using On-Device Fraud (ODF).

NotLockBit Ransomware Targets MacOS

Nov 8, 2024 1:45:18 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Windows, LockBit, MacOS, NotLockBit

Executive Summary

NotLockBit is a ransomware family that mimics LockBit. NotLockBit is unique in that it is one of the first fully functional ransomware families to target MacOS systems.
