The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

ToxicPanda Android Banking Trojan

Nov 12, 2024 12:41:07 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banker, Banking Trojan, ToxicPanda, TgToxic

0 Comments

Related Families: TgToxic
Verticals Targeted: Financial 

Executive Summary

ToxicPanda is an Android banking trojan that was first seen in the wild in October 2024. It allows threat actors to steal a victim’s money via account takeover (ATO) using On-Device Fraud (ODF).

Read More

Octo2 Android Banking Trojan

Oct 7, 2024 2:06:59 PM / by The Hivemind posted in Threat Bulletin, Android, Trojan, Banking Trojan, Latrodectus, Octo, ExobotCompact

0 Comments

Related Families: Exobot, ExobotCompact, Octo
Verticals Targeted: Financial

Executive Summary

Octo2, an updated version of Octo Android banking trojan, was recently observed targeting Android users in Europe.

Read More

Ajina Android Malware

Sep 23, 2024 2:03:45 PM / by The Hivemind posted in Threat Bulletin, Android, Banker, Ajina

0 Comments

Verticals Targeted: Financial 

Executive Summary

Ajina is an Android banking malware that masquerades as legitimate Android apps in order to steal banking information and intercept 2FA.

Read More

Mandrake Android Spyware

Aug 5, 2024 2:46:26 PM / by The Hivemind posted in Threat Bulletin, Android, Spyware, Mandrake, APK

0 Comments

Executive Summary

A new version of Mandrake Android spyware was observed being distributed by multiple Android APKs on the Google Play store earlier this year.

Read More

New CapraRAT Activity

Jul 12, 2024 2:44:05 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, CapraRAT, Spyware, Mobile, Surveillance

0 Comments

Executive Summary

Pakistan-based threat actor group Mythic Leopard was recently observed using new CapraRAT samples to expand their targeting.

Read More

New Medusa Android Banking Trojan Variant Discovered

Jul 1, 2024 1:28:23 PM / by The Hivemind posted in Threat Bulletin, Banking, Financial, Android, Trojan, Mobile, Medusa, on-device fraud

0 Comments

Verticals Targeted: Financial 

Executive Summary

A new variant of the Android banking trojan Medusa was recently discovered. This variant boasts a smaller footprint, needs fewer device permissions, and has full-screen overlay capabilities.

Read More

Cosmic Leopard Activity Targets Windows, MacOS, & Android

Jun 17, 2024 3:15:17 PM / by The Hivemind posted in Threat Bulletin, Android, Windows, MacOS, Cosmic Leopard, GravityRAT, Operation Celestial Force, HeavyLift, GravityAdmin

0 Comments

Related Families: GravityRAT, HeavyLift, GravityAdmin
Verticals Targeted: Defense, Government, Technology 

Executive Summary

Cosmic Leopard was observed targeting Windows, MacOS, and Android devices in a series of ongoing campaigns dubbed Operation Celestial Force. The threat actors used GravityRAT and HeavyLift to target entities in India.

Read More

Brokewell Android Banking Trojan

May 6, 2024 2:48:46 PM / by The Hivemind posted in Threat Bulletin, Financial, Android, Trojan, Banker, Banking Trojan, Baron Samedit, Brokewell

0 Comments

Verticals Targeted: Financial

Executive Summary

Brokewell is a newly discovered Android banking trojan with Device Takeover capabilities. Despite being a newcomer to the threat landscape, Brokewell poses a significant threat to the banking industry.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More