The PolySwarm Blog

Verticals Targeted: Consumer Electronics, Residential Networks
Regions Targeted: Brazil, India, United States, Vietnam, Saudi Arabia, Russia, Argentina, South Africa, Philippines, Mexico, Thailand, Indonesia, Morocco, Turkey, Iraq, Pakistan, China
Related Families: Aisuru

Executive Summary

Security researchers have detailed the Kimwolf botnet, a massive Android-based network exceeding 1.8 million infected devices, primarily TV boxes, enabling DDoS attacks, proxy services, and other malicious activities through exploitation of residential proxy networks and device vulnerabilities. This threat demonstrates rapid growth and resilience, leveraging advanced evasion techniques to maintain control and monetize infections.

Verticals Targeted: Legal Services, Software, Business Services, Technology
Regions Targeted: US
Related Families: BRICKSTEAL, SLAYSTYLE 

Executive Summary

The BRICKSTORM backdoor, attributed to the suspected China-nexus threat cluster UNC5221, has been actively targeting U.S. organizations in the legal, SaaS, BPO, and technology sectors since March 2025, enabling prolonged espionage with an average dwell time of 393 days. This sophisticated malware leverages zero-day exploits and stealthy techniques to maintain persistent access, evade detection, and steal sensitive data, posing significant risks to critical infrastructure.

Verticals Targeted: Financial, Enterprises
Regions Targeted: Not specified
Related Families: Ermac, Brokewell

Executive Summary

Hook Version 3 is an advanced Android banking trojan with ransomware, phishing, and lockscreen bypass capabilities, posing significant risks to financial institutions and enterprises. Its distribution via phishing websites and GitHub amplifies its reach, necessitating robust mobile threat defenses.

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: AHK Bot, Skitnet/Bossnet

Verticals Targeted: Government, Healthcare, Manufacturing, Transportation, Law and Consulting, IT, Agriculture
Regions Targeted: Brazil, Japan, Canada, Turkey, South Korea, Taiwan, United States
Related Families: Conti

Executive Summary

Gunra ransomware has debuted a Linux variant that boosts encryption speed and flexibility, signaling a shift toward broader cross-platform attacks following its initial Windows campaigns.

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: Campaigns abusing the CaramelAds SDK

Executive Summary

Konfety, a longstanding mobile malware, has resurfaced with enhanced evasion capabilities, including dynamic code loading and multi-layered obfuscation, to facilitate ad fraud while evading detection on Android devices. This evolution underscores the persistent challenge of concealed malicious logic in mobile applications, demanding advanced scrutiny from security teams.

Verticals Targeted: Cryptocurrency, Freelancers, Artists
Regions Targeted: United States, France, Italy, United Kingdom, Canada, others
Related Families: None

Verticals Targeted: IT, software development  
Regions Targeted: None specified
Related Families: None

Executive Summary

A new variant of the macOS.ZuRu malware, first identified in 2021, was discovered, leveraging a trojanized Termius application to deploy a modified Khepri C2 beacon, targeting developers and IT professionals. This sophisticated backdoor employs advanced techniques to evade detection and establish persistent remote access.