The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

When Disaster Strikes, Cybercriminals Follow: The Persistent Threat of Disaster-Themed Fraud Campaigns

Jul 6, 2026 2:47:54 PM / by The Hivemind posted in Threat Bulletin, Phishing Campaigns, disaster phishing, charity fraud, natural disaster cyber threats, disaster-themed cyber campaigns, fake charities, cyber fraud

0 Comments

Executive Summary

Natural disasters create opportunities not only for emergency responders and humanitarian organizations to do good, but also for cybercriminals seeking to exploit public fear, urgency, and generosity. Following the June 2026 Venezuela earthquake, researchers observed hundreds of newly registered disaster-themed domains, highlighting how quickly threat actors and opportunistic scammers can capitalize on breaking events. This activity reflects a broader pattern observed after major disasters worldwide, where fraudulent websites, phishing campaigns, and fake charities emerge alongside legitimate relief efforts, complicating efforts to distinguish trusted resources from malicious infrastructure.

Read More

MuddyWater's UDPGangster Backdoor

Dec 15, 2025 2:04:50 PM / by The Hivemind posted in Threat Bulletin, anti-analysis techniques, Phishing Campaigns, cyber espionage, VBA macros, UDPGangster, UDP backdoor

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Turkey, Israel, Azerbaijan
Related Families: Phoenix

Read More

APT24’s BadAudio

Dec 5, 2025 2:11:03 PM / by The Hivemind posted in Threat Bulletin, Phishing Campaigns, Pitty Panda, BadAudio, PRC cyber espionage, APT24, supply chain compromise, strategic web compromise, Cobalt Strike Beacon

0 Comments

Verticals Targeted: Digital Marketing, Industrial Sectors, Recreational Goods, Animal Rescue Organizations
Regions Targeted: Taiwan
Related Families: Cobalt Strike

Read More

ClayRAT

Oct 17, 2025 4:14:26 PM / by The Hivemind posted in Threat Bulletin, Malware, mobile threat evolution, ClayRAT, Android Spyware, spyware distribution, Android Security, Telegram phishing, SMS handler abuse, Phishing Campaigns, Malware Propagation

0 Comments

Verticals Targeted: None specified
Regions Targeted: Russia
Related Families: None

Executive Summary

ClayRAT, a sophisticated Android spyware campaign targeting Russian users, leverages Telegram channels and phishing sites to distribute malicious APKs disguised as popular apps. Its rapid evolution, extensive surveillance capabilities, and self-propagation via SMS make it a significant threat to mobile security.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts