The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Charon Ransomware Targets Middle East

Aug 18, 2025 1:56:06 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, Charon ransomware, Earth Baxia, APT techniques, process injection, anti-EDR, DLL sideloading, Middle East cyber attacks, public sector malware, aviation industry threats, ransomware defense

0 Comments

Verticals Targeted: Public Sector, Aviation
Regions Targeted: Middle East
Related Families: None

Executive Summary

Charon is a new ransomware family employing advanced APT-style techniques, targeting Middle Eastern public sector and aviation organizations with tailored ransom demands. Its sophisticated attack chain, including DLL sideloading and process injection, underscores the growing convergence of ransomware and APT tactics.

Read More

Gunra Ransomware

Aug 11, 2025 2:41:54 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, Evolving Threat, Data Exfiltration, Gunra Ransomware, Linux Ransomware Variant, Multi-Thread Encryption, Partial Encryption, Cross-Platform Ransomware, Conti-Inspired, Ransomware Analysis, Gunra Group, Enterprise Targeting

0 Comments

Verticals Targeted: Government, Healthcare, Manufacturing, Transportation, Law and Consulting, IT, Agriculture
Regions Targeted: Brazil, Japan, Canada, Turkey, South Korea, Taiwan, United States
Related Families: Conti

Executive Summary

Gunra ransomware has debuted a Linux variant that boosts encryption speed and flexibility, signaling a shift toward broader cross-platform attacks following its initial Windows campaigns.

Read More

CastleLoader

Aug 8, 2025 11:51:37 AM / by The Hivemind posted in Threat Bulletin, Phishing, Redline, Emerging Threat, PowerShell, StealC, ClickFix, CastleLoader, GitHub, DeerStealer, malware loader, NetSupport RAT

0 Comments

Verticals Targeted: Government
Regions Targeted: US
Related Families: StealC, RedLine, NetSupport RAT, DeerStealer, HijackLoader, SectopRAT

Executive Summary

CastleLoader, a versatile malware loader, has infected 469 devices since May 2025, leveraging Cloudflare-themed ClickFix phishing and fake GitHub repositories to deliver information stealers and RATs. Its sophisticated attack chain, high infection rate, and modular design make it a significant threat to organizations, particularly U.S. government entities.

Read More

Active Exploitation of "ToolShell" Vulnerabilities Targets Microsoft SharePoint Servers

Aug 4, 2025 2:55:02 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, SharePoint vulnerabilities, CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, CVE-2025-53771, Chinese nation-state actors, web shell deployment, Linen Typhoon, Violet Typhoon, Storm-2603, on-premises exploitation, MachineKey theft, ToolShell

0 Comments

Verticals Targeted: Government, Defense, NGOs, Think Tanks, Education, Media, Financial, Healthcare
Regions Targeted: US, Europe, East Asia, Africa 
Related Families: Warlock, LockBit

Executive Summary

Microsoft has disclosed active exploitation of critical vulnerabilities in on-premises SharePoint servers by Chinese threat actors, urging immediate patching and additional mitigations to prevent unauthorized access and data theft.

Read More

BERT Ransomware

Jul 11, 2025 2:02:09 PM / by The Hivemind posted in Threat Bulletin, Europe, REvil, Healthcare, Asia, Babuk, Technology, Emerging Threat, PowerShell, Evolving Threat, Event Services, United States, BERT ransomware

0 Comments

Verticals Targeted: Healthcare, Technology
Regions Targeted: Asia, Europe, United States
Related Families: REvil, Babuk

Read More

EDDIESTEALER

Jun 9, 2025 12:29:15 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Data Theft, social engineering, Emerging Threat, EDDIESTEALER, Rust Malware, CAPTCHA Campaign, ClickFix, PowerShell Attack, ChromeKatz, Cybersecurity

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None

Executive Summary

EDDIESTEALER is a Rust-based infostealer distributed through deceptive CAPTCHA campaigns, leveraging social engineering to steal sensitive data like credentials and cryptocurrency wallet details. Its advanced obfuscation and ChromeKatz integration highlight the growing sophistication of commodity malware.

Read More

Nitrogen Ransomware Targets Financial Vertical

May 27, 2025 12:16:27 PM / by The Hivemind posted in Threat Bulletin, Financial, Ransomware, Emerging Threat, Nitrogen

0 Comments

Verticals Targeted: Finance, Construction, Manufacturing, Technology
Regions Targeted: US, UK, Canada
Related Families: Cobalt Strike, Meterpreter

Read More

PupkinStealer Leverages Telegram for Data Exfiltration

May 16, 2025 2:16:41 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, Emerging Threat, PupkinStealer

0 Comments

Verticals Targeted: E-commerce
Regions Targeted: Not specified
Related Families: None identified

Executive Summary

PupkinStealer, a .NET-based infostealer written in C#, targets sensitive data such as browser credentials and desktop files, exfiltrating it via Telegram’s Bot API. First observed in April 2025, its simplicity and reliance on legitimate platforms make it a notable threat.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More