Verticals Targeted: Financial
Regions Targeted: Not specified
Related Families: None
Godfather Evolves With Advanced On-Device Virtualization Capabilities
Jun 30, 2025 1:56:44 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, Godfather Malware, Mobile Banking Trojan, on-device virtualization, cryptocurrency app attacks, accessibility service abuse, overlay attacks, mobile security threats, banking app hijacking
Crocodilus Evolves, Expands Targeting
Jun 20, 2025 12:01:52 PM / by The Hivemind posted in Threat Bulletin, Banking Trojan, Evolving Threat, Crocodilus, Android Malware, Cryptocurrency Theft, Phishing Campaign, Overlay Attack, Mobile Security, ThreatFabric
Verticals Targeted: Banking, E-commerce, Cryptocurrency
Regions Targeted: Turkey, Poland, Spain, Argentina, Brazil, India, Indonesia, United States
Related Families: None specified
Executive Summary
Crocodilus, an Android banking trojan first identified in March 2025, has rapidly evolved into a global threat, targeting banking and cryptocurrency users across eight countries with advanced overlay attacks and social engineering tactics. Its enhanced obfuscation and new features, such as contact list manipulation, amplify its ability to evade detection and execute fraudulent transactions.
New Chaos RAT Variants Observed
Jun 16, 2025 1:57:09 PM / by The Hivemind posted in Threat Bulletin, Malware, Data Theft, Evolving Threat, Cybersecurity, Chaos RAT, Remote Administration Tool, Linux Malware, Windows Malware, Phishing Attacks, Cryptocurrency Mining
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None identified
Executive Summary
New variants of Chaos RAT, an open-source remote administration tool (RAT) first observed in 2022, have been identified. The new variants target both Windows and Linux systems through sophisticated phishing campaigns. This evolving malware deploys cryptominers, steals sensitive data, and establishes persistent control over infected devices.
StealC Evolves
May 12, 2025 3:01:20 PM / by The Hivemind posted in Threat Bulletin, Stealer, Evolving Threat, StealC, StealCV2, Amadey
Related Families: Amadey
Executive Summary
StealC V2, a sophisticated evolution of the StealC information stealer, introduces enhanced payload delivery, RC4 encryption, and a redesigned control panel, posing significant risks to organizations.
Venom Spider Using New TerraStealerV2 and TerraLogger Malware
May 9, 2025 2:17:08 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, TerraStealerV2, TerraLogger, Venom Spider
Related Families: VenomLNK, TerraLoader, TerraStealer, TerraTV, TerraCrypt, TerraRecon, TerraWiper, lite_more_eggs, RevC2, Venom Loader
Executive Summary
TerraStealerV2 and TerraLogger are two new malware families from Venom Spider that extend the group's Malware-as-a-Service (MaaS) platform with credential theft and keylogging capabilities. These tools, observed between January and April 2025, indicate active development but lack the sophistication of mature Venom Spider malware.
Triada Android Trojan
May 2, 2025 2:12:14 PM / by The Hivemind posted in Threat Bulletin, Android, Trojan, Evolving Threat, Triada
Verticals Targeted: Cryptocurrency, Social Media, Communications
Regions Targeted: Russia, United Kingdom, Germany, Netherlands, Brazil
Related Families: Dwphon, MobOk
Executive Summary
The Triada trojan has evolved into a sophisticated firmware-embedded threat, targeting Android devices with custom modules to steal cryptocurrency and compromise popular applications like Telegram and WhatsApp. Its persistence and modular architecture pose significant risks to users and organizations globally.
SideWinder Using New Tools to Target Maritime and Nuclear Sectors
Mar 14, 2025 3:14:11 PM / by The Hivemind posted in Threat Bulletin, Sidewinder, TTPs, Nuclear, Evolving Threat, Maritime
Verticals Targeted: Maritime, Nuclear
Executive Summary
SideWinder, an APT group thought to have an Indian nexus, was recently observed using new TTPs and expanding its targeting to include entities in the maritime and nuclear energy sectors.
Silver Fox Targeting Medical Devices
Mar 3, 2025 2:02:05 PM / by The Hivemind posted in Threat Bulletin, China, Evolving Threat, SilverFox, Medical, ValleyRAT
Related Families: ValleyRAT
Verticals Targeted: Medical