The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

BadBazaar Spyware Variants Delivered Via Trojanized Android Apps

Sep 11, 2023 3:07:00 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, Mobile, BadBazaar, GREF

0 Comments

Executive Summary

Two GREF espionage campaigns used trojanized Android apps to deliver BadBazaar spyware variants.

Read More

SpyNote Targets Utility Company Customers

Aug 4, 2023 2:38:03 PM / by The Hivemind posted in Threat Bulletin, Android, Critical Infrastructure, Mobile, Energy, Utilities, SpyNote

0 Comments

Verticals Targeted: Utilities, Energy, Water, Critical Infrastructure

Read More

Wicked Panda Using WyrmSpy and DragonEgg Android Spyware

Jul 31, 2023 2:33:15 PM / by The Hivemind posted in Threat Bulletin, Android, Wicked Panda, Mobile, DragonEgg, WyrmSpy

0 Comments

Executive Summary

Read More

Anatsa Android Banking Trojan

Jul 3, 2023 12:37:11 PM / by The Hivemind posted in Threat Bulletin, Banking, Financial, Android, Trojan, Banking Trojan, Anatsa

0 Comments

Verticals Targeted: Financial 

Executive Summary

Anatsa is a banking trojan targeting Android devices that is distributed through the Google Play store, disguised as a seemingly innocuous app.

Read More

AhRAT

Jun 2, 2023 2:04:00 PM / by The Hivemind posted in Espionage, Android, RAT, AhMyth, AhRAT

0 Comments

Related Families: AhMyth

Executive Summary

AhRAT, an Android RAT, was disguised as the iRecorder app. This malicious version of the iRecorder app is capable of recording audio and exfiltrating files from a victim’s device.

Read More

Goldoson Android Adware

Apr 28, 2023 2:51:23 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Goldoson, Adware

0 Comments


Executive Summary

Goldoson, a privacy-invasive and clicker adware, was recently discovered in several popular Android apps in South Korea. It generates revenue for the threat actors via fraudulent recursive visits to hidden ads on the infected device.

Read More

Nexus Android Banking Trojan

Apr 4, 2023 3:28:28 PM / by The Hivemind posted in Threat Bulletin, Banking, Android, Trojan, Botnet, Mobile, POISON, Nexus, Banker, SOVA

0 Comments

Related Families: SOVA
Verticals Targeted: Financial, Cryptocurrency 

Read More

Roaming Mantis Wroba.o Android Malware

Feb 3, 2023 1:20:46 PM / by The Hivemind posted in Threat Bulletin, Android, Shaoye, Xloader, Roaming Mantis, DNS, Wroba.o

0 Comments

Related Families: Wroba.o, Xloader

Executive Summary

Kaspersky SecureList recently reported on a Roaming Mantis campaign using Wroba.o with DNS hijacking to infect routers and Android devices.

Key Takeaways

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More