The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Triada Android Trojan

May 2, 2025 2:12:14 PM / by The Hivemind posted in Threat Bulletin, Android, Trojan, Evolving Threat, Triada

0 Comments

Verticals Targeted: Cryptocurrency, Social Media, Communications
Regions Targeted: Russia, United Kingdom, Germany, Netherlands, Brazil
Related Families: Dwphon, MobOk

Executive Summary

The Triada trojan has evolved into a sophisticated firmware-embedded threat, targeting Android devices with custom modules to steal cryptocurrency and compromise popular applications like Telegram and WhatsApp. Its persistence and modular architecture pose significant risks to users and organizations globally.

Read More

Crocodilus Android Banking Trojan

Apr 7, 2025 1:41:20 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banking Trojan, Emerging Threat, Crocodilus

0 Comments

Verticals Targeted: Financial

Executive Summary

Crocodilus is a newly identified Android banking Trojan that exhibits advanced device-takeover capabilities and targets financial institutions and cryptocurrency wallets. Already operational in Spain and Turkey, this malware showcases a mature feature set that challenges traditional defenses, marking a significant evolution in mobile threats.

Read More

Ricochet Chollima Using KoSpy Android Spyware

Mar 17, 2025 1:34:36 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Android, Spyware, Ricochet Chollima, KoSpy, APT37

0 Comments

Executive Summary

KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.

Read More

FireScam Android Malware

Jan 10, 2025 1:36:56 PM / by The Hivemind posted in Threat Bulletin, Android, Stealer, Spyware, FireScam

0 Comments

Executive Summary

FireScam is a sophisticated Android malware family that is disguised as a Telegram Premium app. It has both infostealer and spyware capabilities.

Read More

ToxicPanda Android Banking Trojan

Nov 12, 2024 12:41:07 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banker, Banking Trojan, ToxicPanda, TgToxic

0 Comments

Related Families: TgToxic
Verticals Targeted: Financial 

Executive Summary

ToxicPanda is an Android banking trojan that was first seen in the wild in October 2024. It allows threat actors to steal a victim’s money via account takeover (ATO) using On-Device Fraud (ODF).

Read More

Octo2 Android Banking Trojan

Oct 7, 2024 2:06:59 PM / by The Hivemind posted in Threat Bulletin, Android, Trojan, Banking Trojan, Latrodectus, Octo, ExobotCompact

0 Comments

Related Families: Exobot, ExobotCompact, Octo
Verticals Targeted: Financial

Executive Summary

Octo2, an updated version of Octo Android banking trojan, was recently observed targeting Android users in Europe.

Read More

Ajina Android Malware

Sep 23, 2024 2:03:45 PM / by The Hivemind posted in Threat Bulletin, Android, Banker, Ajina

0 Comments

Verticals Targeted: Financial 

Executive Summary

Ajina is an Android banking malware that masquerades as legitimate Android apps in order to steal banking information and intercept 2FA.

Read More

Mandrake Android Spyware

Aug 5, 2024 2:46:26 PM / by The Hivemind posted in Threat Bulletin, Android, Spyware, Mandrake, APK

0 Comments

Executive Summary

A new version of Mandrake Android spyware was observed being distributed by multiple Android APKs on the Google Play store earlier this year.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More