The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Hivemind

Recent Posts

GhostLocker Ransomware

Jul 5, 2024 2:05:23 PM / by The Hivemind posted in Threat Bulletin, Ransomware, GhostLocker, GhostSec, Stormous

Verticals Targeted: Technology, Education, Manufacturing, Transportation, Government

Executive Summary

GhostLocker, a ransomware family that has been in the wild since late 2023, is now under new management. Stormous, the new GhostLocker operators, have stated they are updating the program and will offer some ransomware services for free.

New Medusa Android Banking Trojan Variant Discovered

Jul 1, 2024 1:28:23 PM / by The Hivemind posted in Threat Bulletin, Banking, Financial, Android, Trojan, Mobile, Medusa, on-device fraud

Verticals Targeted: Financial

Executive Summary

A new variant of the Android banking trojan Medusa was recently discovered. This variant boasts a smaller footprint, needs fewer device permissions, and has full-screen overlay capabilities.

FickleStealer

Jun 28, 2024 3:08:23 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, FickleStealer

Executive Summary

FickleStealer is a Rust-based stealer that targets Windows devices. It is distributed in a variety of ways and steals information, likely with the intent of using the information for follow-on attacks.

BadSpace Backdoor

Jun 25, 2024 1:23:38 PM / by The Hivemind posted in Threat Bulletin, Backdoor, BadSpace, WarmCookie, SocGholish

Executive Summary

BadSpace, also known as WarmCookie, is a novel backdoor delivered via a multistage attack leveraging infected websites.

DISGOMOJI Linux RAT Controlled Via Discord Emojis

Jun 24, 2024 3:02:07 PM / by The Hivemind posted in Threat Bulletin, Espionage, India, Pakistan, Government, RAT, Discord, DISGOMOJI

Verticals Targeted: Government

Executive Summary

DISGOMOJI is a RAT controlled via emojis sent over Discord. It was recently observed targeting government entities in India.

Cosmic Leopard Activity Targets Windows, MacOS, & Android

Jun 17, 2024 3:15:17 PM / by The Hivemind posted in Threat Bulletin, Android, Windows, MacOS, Cosmic Leopard, GravityRAT, Operation Celestial Force, HeavyLift, GravityAdmin

Related Families: GravityRAT, HeavyLift, GravityAdmin
Verticals Targeted: Defense, Government, Technology

Executive Summary

Cosmic Leopard was observed targeting Windows, MacOS, and Android devices in a series of ongoing campaigns dubbed Operation Celestial Force. The threat actors used GravityRAT and HeavyLift to target entities in India.

RansomHub

Jun 14, 2024 2:22:45 PM / by The Hivemind posted in Threat Bulletin, Ransomware, RansomHub, Knight

Related Families: Knight
Verticals Targeted: Healthcare, Financial, Auction House, Technology, Government

Executive Summary

RansomHub, a ransomware as a service (RaaS), is an offshoot of Knight and has quickly become one of the most active ransomware families in 2024.

TargetCompany Ransomware Linux Variant

Jun 10, 2024 2:25:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Asia, APAC, TargetCompany, ESXi

Verticals Targeted: Healthcare, Finance, Government, Manufacturing, Education, Information Technology, Retail, Transportation, Utilities, Telecommunications

Executive Summary

A new Linux variant of TargetCompany ransomware was recently discovered that uses a custom shell script to deliver and execute payloads in ESXi environments.
