The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

New CapraRAT Activity

Jul 12, 2024 2:44:05 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, CapraRAT, Spyware, Mobile, Surveillance

0 Comments

Executive Summary

Pakistan-based threat actor group Mythic Leopard was recently observed using new CapraRAT samples to expand their targeting.

Read More

New Medusa Android Banking Trojan Variant Discovered

Jul 1, 2024 1:28:23 PM / by The Hivemind posted in Threat Bulletin, Banking, Financial, Android, Trojan, Mobile, Medusa, on-device fraud

0 Comments

Verticals Targeted: Financial 

Executive Summary

A new variant of the Android banking trojan Medusa was recently discovered. This variant boasts a smaller footprint, needs fewer device permissions, and has full-screen overlay capabilities.

Read More

Cosmic Leopard Activity Targets Windows, MacOS, & Android

Jun 17, 2024 3:15:17 PM / by The Hivemind posted in Threat Bulletin, Android, Windows, MacOS, Cosmic Leopard, GravityRAT, Operation Celestial Force, HeavyLift, GravityAdmin

0 Comments

Related Families: GravityRAT, HeavyLift, GravityAdmin
Verticals Targeted: Defense, Government, Technology 

Executive Summary

Cosmic Leopard was observed targeting Windows, MacOS, and Android devices in a series of ongoing campaigns dubbed Operation Celestial Force. The threat actors used GravityRAT and HeavyLift to target entities in India.

Read More

Brokewell Android Banking Trojan

May 6, 2024 2:48:46 PM / by The Hivemind posted in Threat Bulletin, Financial, Android, Trojan, Banker, Banking Trojan, Baron Samedit, Brokewell

0 Comments

Verticals Targeted: Financial

Executive Summary

Brokewell is a newly discovered Android banking trojan with Device Takeover capabilities. Despite being a newcomer to the threat landscape, Brokewell poses a significant threat to the banking industry.

Read More

Vultur Android Malware

Apr 5, 2024 1:49:09 PM / by The Hivemind posted in Threat Bulletin, Android, Brunhilda, Vultur, Mobile, Banker

0 Comments

Related Families: Brunhilda
Verticals Targeted: Financial 

Read More

VajraSpy Android Spyware

Feb 20, 2024 12:02:15 PM / by The Hivemind posted in Threat Bulletin, APT, Android, Malware, Spyware, Mobile, VajraSpy

0 Comments

Executive Summary

Read More

Xamalicious Android Backdoor

Jan 16, 2024 7:42:21 AM / by The Hivemind posted in Threat Bulletin, Android, Backdoor, Mobile, Xamalicious

0 Comments

Executive Summary

Read More

SecuriDropper Android Malware

Nov 17, 2023 1:27:39 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Ermac, SpyNote, SecuriDropper, Dropper-as-a-service

0 Comments

Related Families: SpyNote, Ermac

Executive Summary

SecuriDropper is a widely distributed dropper-as-a-service that bypasses Android Restricted Settings.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More