The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

BPFDoor Campaign Targets Asia and Middle East

Apr 18, 2025 1:50:39 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Backdoor, Red Menshen, BPFDoor

0 Comments

Verticals Targeted: Telecommunications, Financial, Retail
Regions Targeted: South Korea, Hong Kong, Myanmar, Malaysia, Egypt
Related Families: Symbiote

Executive Summary

A newly discovered BPFDoor controller enhances the backdoor’s stealth, targeting Linux and Solaris systems in Asia and the Middle East. Attributed to Red Menshen, this state-sponsored threat compromises critical sectors with advanced evasion techniques.

Read More

SystemBC Now Targeting Linux

Feb 18, 2025 2:05:57 PM / by The Hivemind posted in Threat Bulletin, Linux, RAT, SystemBC, Evolving Threat

0 Comments

Related Families: RIG, Fallout EK

Executive Summary

SystemBC, a RAT that previously only targeted Windows systems was recently observed targeting Linux.

Read More

Evasive Panda Uses SSH Backdoor to Target Network Devices

Feb 10, 2025 1:56:30 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Evasive Panda, Daggerfly, ELF/Sshdinjector.A!tr

0 Comments

Executive Summary

Read More

HellDown Ransomware Linux Variant

Nov 25, 2024 1:39:46 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Emerging Threat, ESXi, HellDown

0 Comments

Read More

FASTCash Linux Variant

Nov 4, 2024 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Linux, FastCash, Payment Switch

0 Comments

Verticals Targeted: Financial 

Executive Summary

A Linux variant of FASTCash “payment switch” malware was recently discovered. This malware is typically used by North Korea nexus threat actor groups to make unauthorized cash withdrawals from ATMs.

Read More

Perfectl Linux Malware

Oct 15, 2024 2:29:59 PM / by The Hivemind posted in Threat Bulletin, Linux, Cryptominer, Perfectl, Monero, Proxyjacking

0 Comments

Executive Summary

Perfectl is a malware family that targets misconfigured Linux servers. In a recent campaign, Perfectl was observed deploying cryptominers and proxyjacking software.

Read More

Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT

Sep 30, 2024 1:49:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Linux, MacOS, PondRAT, PoolRAT, Labyrinth Chollima

0 Comments

Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development 

Executive Summary

North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.  

Read More

Play Ransomware Linux Variant Discovered

Jul 26, 2024 3:02:38 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Play, ESXi

0 Comments

Executive Summary

A Linux variant of Play ransomware has been observed that is capable of targeting ESXi environments.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More