The PolySwarm Blog

Related Families: AISURU

Executive Summary

AIRASHI is a variant of the AISURU botnet that has been active since at least late 2024. It is in active development and has the capability to conduct large-scale DDoS attacks.

Verticals Targeted: Government, Insurance, Real Estate, Healthcare, Manufacturing, Legal Services, Construction, Retail, Business Services, Energy, Education, Telecommunications, Software, Hospitality, Transportation, Financial 

Executive Summary

Medusa ransomware is a RaaS that has been active since at least 2023. Medusa has claimed several victims so far in 2025, including UK’s Gateshead Council.

Verticals Targeted: Government, Business Services, Education, Insurance, Software, Media, Finance, Agriculture, Manufacturing, Construction, Healthcare, Retail

Executive Summary

Banshee is a stealer that targets MacOS systems. The latest variant of Banshee uses a string encryption algorithm that is the same as the one used in Apple’s Xprotect antivirus engine for MacOS systems.

Executive Summary

An infostealer, dubbed “FakePOC”, was recently observed masquerading as an LDAPNightmare proof of concept (PoC) exploit.

Executive Summary

FireScam is a sophisticated Android malware family that is disguised as a Telegram Premium app. It has both infostealer and spyware capabilities.

Executive Summary

In this report, PolySwarm analysts chose fifteen standout malware families for the 2024 Malware Hall of Fame. A small selection of IOCs of our most recent samples of each family are provided as well.

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report provides highlights of activity perpetrated by Russia-based threat actors in 2024.