The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Ebury Compromised 400K Linux Servers

May 20, 2024 2:59:44 PM / by The Hivemind posted in Threat Bulletin, Stealer, Linux, Backdoor, Cryptocurrency, Ebury, HelimodSteal, HelimodProxy, HelimodRedirect

0 Comments

Related Families: HelimodSteal, HelimodProxy, HelimodRedirect

Executive Summary

A longstanding botnet campaign is known to deliver Ebury, an OpenSSH backdoor and credential stealer.

Read More

Evasive Panda's Nightdoor Backdoor

Mar 22, 2024 2:57:50 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Evasive Panda, Nightdoor, MgBot

0 Comments

Related Families: MgBot

Executive Summary

Evasive Panda was recently observed targeting Tibetans using a combination of strategic web compromise and supply chain attacks to deliver Nightdoor.

Read More

KrustyLoader Backdoor

Mar 11, 2024 3:09:11 PM / by The Hivemind posted in Threat Bulletin, Windows, Linux, Backdoor, KrustyLoader, Avanti, UNC5221

0 Comments

Verticals Targeted: Government, Defense, Finance, Technology, Telecommunications, Aerospace, Pharmaceuticals  

Executive Summary

Multiple industry sources recently reported on KrustyLoader, a Rust-based backdoor with both Windows and Linux variants.

Read More

RustDoor MacOS Backdoor

Feb 26, 2024 11:51:18 AM / by The Hivemind posted in Threat Bulletin, Ransomware, ALPHV, Backdoor, MacOS, Mac, Apple, RustDoor, GateDoor

0 Comments

Related Families: GateDoor
Verticals Targeted: Cryptocurrency

Executive Summary

RustDoor is a new MacOS backdoor written in Rust. RustDoor was observed targeting companies in the cryptocurrency sector.

Read More

PurpleFox Botnet Targeting Entities in Ukraine

Feb 16, 2024 11:44:26 AM / by The Hivemind posted in Ukraine, Threat Bulletin, Backdoor, Trojan, Botnet, rootkit, Exploit Kit, PurpleFox

0 Comments

Executive Summary

Read More

ColdRiver Using Spica Backdoor

Feb 2, 2024 1:06:16 PM / by The Hivemind posted in Russia, Threat Bulletin, Backdoor, Spica, ColdRiver

0 Comments

Executive Summary

Russia nexus threat actor group ColdRiver was recently observed using Spica backdoor in an espionage campaign.

Read More

SpectralBlur MacOS Backdoor

Jan 19, 2024 2:03:16 PM / by The Hivemind posted in Threat Bulletin, Backdoor, MacOS, Stardust Chollima, SpectralBlur, KandyKorn

0 Comments

Related Families: KandyKorn

Executive Summary

SpectralBlur is a fairly unsophisticated backdoor targeting MacOS devices. It has been attributed to Stardust Chollima.

Read More

Xamalicious Android Backdoor

Jan 16, 2024 7:42:21 AM / by The Hivemind posted in Threat Bulletin, Android, Backdoor, Mobile, Xamalicious

0 Comments

Executive Summary

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More