The PolySwarm Blog

Executive Summary

FireScam is a sophisticated Android malware family that is disguised as a Telegram Premium app. It has both infostealer and spyware capabilities.

Executive Summary

In this report, PolySwarm analysts chose fifteen standout malware families for the 2024 Malware Hall of Fame. A small selection of IOCs of our most recent samples of each family are provided as well.

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report provides highlights of activity perpetrated by Russia-based threat actors in 2024.

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report provides highlights of activity perpetrated by Iran-based threat actors in 2024.

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2024.

Verticals Targeted: Manufacturing, Finance, Transportation, Legal Services, Healthcare, Defense, Business Services

Executive Summary

Black Basta is a ransomware group that rose in the aftermath of the dissolution of Conti ransomware in 2022. In recent months, Black Basta has begun using tactics that are reminiscent of nation-state threat actor tactics and has shifted from opportunistic targeting to more refined, strategic targeting.

Related Families: Demodex
Verticals Targeted: Telecommunications 

Executive Summary

Salt Typhoon, a China nexus APT group, was recently observed using GhostSpider backdoor to target telecommunications companies.

Related Families: WhiteSnake, Meduza
Verticals Targeted: Finance, Business Administration

Executive Summary

BabbleLoader is a new stealthy, metamorphic loader that was recently observed delivering stealers, including WhiteSnake and Meduza.