The PolySwarm Blog

Executive Summary

Cisco Talos researchers recently reported on new activity perpetrated by Russian nexus threat actor group Armageddon. The group is using a new infostealer to target entities in Ukraine.

Key Takeaways

Executive Summary

Cyble recently reported on PennyWise, an infostealer targeting crypto and browsers. PennyWise uses YouTube videos to bait victims into installing what they believe to be Bitcoin mining software.

Background

CERT-UA recently released an advisory on IcedID, a modular banking trojan being dropped via a social engineering campaign targeting Ukrainian government entities, and related Zimbra exploits.

Background

Last month HP published research on RedLine Stealer, a stealer malware being delivered via fake Windows 11 updates. Almost a month later, RedLine Stealer continues to be active in the wild, with new samples surfacing over the past week.