Related Families: Amadey
Related Families: VenomLNK, TerraLoader, TerraStealer, TerraTV, TerraCrypt, TerraRecon, TerraWiper, lite_more_eggs, RevC2, Venom Loader
Executive Summary
TerraStealerV2 and TerraLogger are two new malware families from Venom Spider, enhancing their Malware-as-a-Service (MaaS) platform with credential theft and keylogging capabilities. These tools, observed between January and April 2025, indicate active development but lack the sophistication of mature Venom Spider malware.
Verticals Targeted: Cryptocurrency, Social Media, Communications
Regions Targeted: Russia, United Kingdom, Germany, Netherlands, Brazil
Related Families: Dwphon, MobOk
Executive Summary
The Triada trojan has evolved into a sophisticated firmware-embedded threat, targeting Android devices with custom modules to steal cryptocurrency and compromise popular applications like Telegram and WhatsApp. Its persistence and modular architecture pose significant risks to users and organizations globally.
Verticals Targeted: Maritime, Nuclear
Executive Summary
SideWinder, an APT group thought to be of Indian nexus, was recently observed using new TTPs and expanding their targeting to include entities in the maritime and nuclear energy sectors.
Related Families: ValleyRAT
Verticals Targeted: Medical
Executive Summary
Chinese threat actor Silver Fox was recently observed targeting medical devices in a sophisticated campaign that delivers multiple malware families, including ValleyRAT.
Related Families: RIG, Fallout EK
Executive Summary
SystemBC, a RAT that previously only targeted Windows systems was recently observed targeting Linux.
Verticals Targeted: Financial
Executive Summary
Coyote, which was first observed in early 2024, is a banking trojan that has targeted over 1030 sites and 73 financial institutions.
Related Families: AISURU