The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

NimDoor MacOS Malware

Jul 14, 2025 2:34:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Stealer, Infostealer, Cryptocurrency, social engineering, Stardust Chollima, NimDoor, AppleScript, MacOS malware, Web3, Nim, Zoom phishing

0 Comments

Verticals Targeted: Cryptocurrency
Regions Targeted: Not Specified
Related Families: None

Executive Summary

NimDoor is a sophisticated MacOS malware deployed by North Korea-linked threat actors, likely Stardust Chollima, targeting Web3 and cryptocurrency organizations. Utilizing Nim and C++ binaries, AppleScript, and social engineering via fake Zoom updates, NimDoor employs process injection, WebSocket communications, and signal-based persistence to steal sensitive data.

Read More

Famous Chollima’s PylangGhost

Jun 23, 2025 2:25:38 PM / by The Hivemind posted in Blockchain, Threat Bulletin, North Korea, India, Malware, Python, Cryptocurrency, RAT, PylangGhost, GolangGhost, Famous Chollima

0 Comments

Verticals Targeted: Cryptocurrency
Regions Targeted: India
Related Families: GolangGhost

Executive Summary

Famous Chollima, a North Korean-aligned threat actor, has deployed PylangGhost, a Python-based remote access trojan (RAT), targeting cryptocurrency and blockchain professionals in India. This malware, a variant of the GolangGhost RAT, facilitates credential theft and remote system control via sophisticated social engineering tactics.

Read More

Ricochet Chollima Using KoSpy Android Spyware

Mar 17, 2025 1:34:36 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Android, Spyware, Ricochet Chollima, KoSpy, APT37

0 Comments

Executive Summary

KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.

Read More

2024 Recap - North Korean Threat Actor Activity

Dec 13, 2024 2:20:52 PM / by The Hivemind posted in Threat Bulletin, North Korea, Asia, APAC, 2024, Recap

0 Comments

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2024 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2024.

Read More

Silent Chollima Extortion Activity Targets US Entities

Oct 11, 2024 2:12:45 PM / by The Hivemind posted in Threat Bulletin, North Korea, Extortion, Silent Chollima, Andariel, APT 45, Stonefly, Onyx Sleet, Preft

0 Comments

Related Families: Preft

Read More

Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT

Sep 30, 2024 1:49:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Linux, MacOS, PondRAT, PoolRAT, Labyrinth Chollima

0 Comments

Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development 

Executive Summary

North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.  

Read More

DevPopper Campaign Targets Software Developers

Aug 26, 2024 1:38:47 PM / by The Hivemind posted in Threat Bulletin, North Korea, RAT, DevPopper

0 Comments

Verticals Targeted: Software Development

Executive Summary

An ongoing social engineering campaign was observed targeting software developers. The threat actors use fake interviews to deliver a Python-based RAT, known as DevPopper.

Read More

Silent Chollima's Espionage Activity

Aug 2, 2024 2:15:57 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Dtrack, Dora RAT, TigerRAT, Silent Chollima, SmallTiger

0 Comments

Related Families: Dtrack, Dora RAT, TigerRAT, SmallTiger, LightHand, ValidAlpha
Verticals Targeted: Military, Defense, Engineering, Technology, Education, Construction, Manufacturing, Gambling, Energy

Executive Summary

Last week, the US Department of Justice (DOJ) indicted Rim Jong Hyok, an individual allegedly affiliated with Silent Chollima. The group has been active since at least 2014 and is known to conduct espionage operations on behalf of North Korea.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More