The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Static Kitten Observed Using DCHSpy Android Malware

Aug 1, 2025 1:17:27 PM / by The Hivemind posted in Threat Bulletin, Static Kitten, Spyware, Data Exfiltration, Mobile Security, DCHSpy, Android surveillanceware, Starlink spoofing, Iranian malware, Middle East cyber threats, VPN phishing

0 Comments

Verticals Targeted: None specified
Regions Targeted: Iran, Middle East
Related Families: None specified

Executive Summary

DCHSpy is an Android surveillanceware linked to Iran’s Static Kitten group, targeting Iranian users with fake VPN and Starlink apps to steal sensitive data amid regional conflict. This malware, active since October 2023, exploits social engineering to access WhatsApp, location data, and personal files.

Read More

Crocodilus Evolves, Expands Targeting

Jun 20, 2025 12:01:52 PM / by The Hivemind posted in Threat Bulletin, Banking Trojan, Evolving Threat, Crocodilus, Android Malware, Cryptocurrency Theft, Phishing Campaign, Overlay Attack, Mobile Security, ThreatFabric

0 Comments

Verticals Targeted: Banking, E-commerce, Cryptocurrency
Regions Targeted: Turkey, Poland, Spain, Argentina, Brazil, India, Indonesia, United States
Related Families: None specified

Executive Summary

Crocodilus, an Android banking trojan first identified in March 2025, has rapidly evolved into a global threat, targeting banking and cryptocurrency users across eight countries with advanced overlay attacks and social engineering tactics. Its enhanced obfuscation and new features, such as contact list manipulation, amplify its ability to evade detection and execute fraudulent transactions.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts