The PolySwarm Blog

PupkinStealer Leverages Telegram for Data Exfiltration

May 16, 2025 2:16:41 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, Emerging Threat, PupkinStealer

Verticals Targeted: E-commerce
Regions Targeted: Not specified
Related Families: None identified

Executive Summary

PupkinStealer, a .NET-based infostealer written in C#, targets sensitive data such as browser credentials and desktop files, exfiltrating it via Telegram’s Bot API. First observed in April 2025, its simplicity and reliance on legitimate platforms make it a notable threat.

StealC Evolves

May 12, 2025 3:01:20 PM / by The Hivemind posted in Threat Bulletin, Stealer, Evolving Threat, StealC, StealCV2, Amadey

Related Families: Amadey

Executive Summary

StealC V2, a sophisticated evolution of the StealC information stealer, introduces enhanced payload delivery, RC4 encryption, and a redesigned control panel, posing significant risks to organizations.

Venom Spider Using New TerraStealerV2 and TerraLogger Malware

May 9, 2025 2:17:08 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, TerraStealerV2, TerraLogger, Venom Spider

Related Families: VenomLNK, TerraLoader, TerraStealer, TerraTV, TerraCrypt, TerraRecon, TerraWiper, lite_more_eggs, RevC2, Venom Loader

Executive Summary

TerraStealerV2 and TerraLogger are two new malware families from Venom Spider, enhancing their Malware-as-a-Service (MaaS) platform with credential theft and keylogging capabilities. These tools, observed between January and April 2025, indicate active development but lack the sophistication of mature Venom Spider malware.

TheWizards Use Spellbinder to Conjure Lateral Movement

May 5, 2025 11:09:59 AM / by The Hivemind posted in Threat Bulletin, China, TheWizards, Spellbinder, WizardNet

Verticals Targeted: Gambling
Regions Targeted: Philippines, Cambodia, United Arab Emirates, China, Hong Kong
Related Families: WizardNet, DarkNights (DarkNimbus)

Executive Summary

TheWizards APT group leverages Spellbinder, a sophisticated lateral movement tool, to conduct adversary-in-the-middle (AitM) attacks, hijacking legitimate Chinese software updates to deploy the WizardNet backdoor. This activity targets gambling companies and individuals across Asia and the Middle East.

Triada Android Trojan

May 2, 2025 2:12:14 PM / by The Hivemind posted in Threat Bulletin, Android, Trojan, Evolving Threat, Triada

Verticals Targeted: Cryptocurrency, Social Media, Communications
Regions Targeted: Russia, United Kingdom, Germany, Netherlands, Brazil
Related Families: Dwphon, MobOk

Executive Summary

The Triada trojan has evolved into a sophisticated firmware-embedded threat, targeting Android devices with custom modules to steal cryptocurrency and compromise popular applications like Telegram and WhatsApp. Its persistence and modular architecture pose significant risks to users and organizations globally.

ResolverRAT Targets Healthcare Sector

Apr 28, 2025 1:19:17 PM / by The Hivemind posted in Threat Bulletin, Healthcare, RAT, Emerging Threat, ResolverRAT

Verticals Targeted: Healthcare, Pharmaceutical
Regions Targeted: Language-based targeting of Czech, Hindi, Indonesian, Italian, Portuguese, and Turkish speakers
Related Families: Rhadamanthys, Lumma

Executive Summary

ResolverRAT is a sophisticated remote access trojan (RAT) targeting healthcare and pharmaceutical sectors globally. Deployed via localized phishing campaigns, this previously undocumented malware employs advanced in-memory execution and evasion techniques to steal sensitive data.

Mustang Panda Emerges With New TTPs

Apr 25, 2025 1:46:23 PM / by The Hivemind posted in Threat Bulletin, China, TTPs, Mustang Panda, ToneShell, StarProxy

Verticals Targeted: Government, Military, NGOs
Regions Targeted: Myanmar, East Asia, Europe

Executive Summary

Mustang Panda has enhanced its arsenal with updated ToneShell backdoor variants and a new lateral movement tool, StarProxy, targeting organizations in Myanmar and other regions. These tools employ advanced evasion techniques, including FakeTLS protocols and DLL sideloading, to facilitate espionage.

Cozy Bear Uses GRAPELOADER in Recent Phishing Campaign

Apr 21, 2025 2:15:53 PM / by The Hivemind posted in Russia, Threat Bulletin, Cozy Bear, GRAPELOADER

Verticals Targeted: Government, Diplomatic Entities
Regions Targeted: Europe, Middle East
Related Families: WINELOADER, ROOTSAW

Executive Summary

A sophisticated phishing campaign by Cozy Bear, a Russia-linked threat actor, was recently observed targeting European diplomatic entities with GRAPELOADER and WINELOADER malware.
