Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: Campaigns abusing the CaramelAds SDK
Konfety Android Malware
Jul 28, 2025 3:08:29 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Konfety malware, Android evasion techniques, ad fraud operations, secondary DEX files, runtime injection, mobile security analysis, hidden APK components, mobile threat evolution, dynamic code loading, malware obfuscation
Atomic Stealer Evolves
Jul 25, 2025 2:47:25 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, Evolving Threat, Spear Phishing, Cryptocurrency Theft, macOS security, Atomic macOS Stealer, AMOS malware, macOS backdoor, persistent access, Moonlock cybersecurity
Verticals Targeted: Cryptocurrency, Freelancers, Artists
Regions Targeted: United States, France, Italy, United Kingdom, Canada, others
Related Families: None
New MacOS.ZuRu Variant Discovered
Jul 22, 2025 3:05:50 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Malware Analysis, Cybersecurity Threat, MacOS malware, ZuRu malware, Termius trojan, macOS security, backdoor threat, SSH client attack, Khepri C2, developer security
Verticals Targeted: IT, software development
Regions Targeted: None specified
Related Families: None
Executive Summary
A new variant of the macOS.ZuRu malware, first identified in 2021, was discovered, leveraging a trojanized Termius application to deploy a modified Khepri C2 beacon, targeting developers and IT professionals. This sophisticated backdoor employs advanced techniques to evade detection and establish persistent remote access.
BERT Ransomware
Jul 11, 2025 2:02:09 PM / by The Hivemind posted in Threat Bulletin, Europe, REvil, Healthcare, Asia, Babuk, Technology, Emerging Threat, PowerShell, Evolving Threat, Event Services, United States, BERT ransomware
Verticals Targeted: Healthcare, Technology
Regions Targeted: Asia, Europe, United States
Related Families: REvil, Babuk
Godfather Evolves With Advanced On-Device Virtualization Capabilities
Jun 30, 2025 1:56:44 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, Godfather Malware, Mobile Banking Trojan, on-device virtualization, cryptocurrency app attacks, accessibility service abuse, overlay attacks, mobile security threats, banking app hijacking
Verticals Targeted: Financial
Regions Targeted: Not specified
Related Families: None
Executive Summary
Industry researchers have identified an advanced evolution of the Godfather banking trojan, which employs on-device virtualization to hijack mobile banking and cryptocurrency applications on Android devices. This sophisticated technique allows attackers to monitor and control user interactions within a virtualized app environment, posing a significant threat to mobile security.
Crocodilus Evolves, Expands Targeting
Jun 20, 2025 12:01:52 PM / by The Hivemind posted in Threat Bulletin, Banking Trojan, Evolving Threat, Crocodilus, Android Malware, Cryptocurrency Theft, Phishing Campaign, Overlay Attack, Mobile Security, ThreatFabric
Verticals Targeted: Banking, E-commerce, Cryptocurrency
Regions Targeted: Turkey, Poland, Spain, Argentina, Brazil, India, Indonesia, United States
Related Families: None specified
Executive Summary
Crocodilus, an Android banking trojan first identified in March 2025, has rapidly evolved into a global threat, targeting banking and cryptocurrency users across eight countries with advanced overlay attacks and social engineering tactics. Its enhanced obfuscation and new features, such as contact list manipulation, amplify its ability to evade detection and execute fraudulent transactions.
New Chaos RAT Variants Observed
Jun 16, 2025 1:57:09 PM / by The Hivemind posted in Threat Bulletin, Malware, Data Theft, Evolving Threat, Cybersecurity, Chaos RAT, Remote Administration Tool, Linux Malware, Windows Malware, Phishing Attacks, Cryptocurrency Mining
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None identified
Executive Summary
New variants of Chaos RAT, an open-source remote administration tool (RAT) first observed in 2022, have been identified. The new variants target both Windows and Linux systems through sophisticated phishing campaigns. This evolving malware deploys cryptominers, steals sensitive data, and establishes persistent control over infected devices.
StealC Evolves
May 12, 2025 3:01:20 PM / by The Hivemind posted in Threat Bulletin, Stealer, Evolving Threat, StealC, StealCV2, Amadey
Related Families: Amadey