The PolySwarm Blog

Static Kitten Observed Using DCHSpy Android Malware

Aug 1, 2025 1:17:27 PM / by The Hivemind posted in Threat Bulletin, Static Kitten, Spyware, Data Exfiltration, Mobile Security, DCHSpy, Android surveillanceware, Starlink spoofing, Iranian malware, Middle East cyber threats, VPN phishing

Verticals Targeted: None specified
Regions Targeted: Iran, Middle East
Related Families: None specified

Executive Summary

DCHSpy is Android surveillanceware linked to Iran’s Static Kitten group. It targets Iranian users with fake VPN and Starlink apps to steal sensitive data amid regional conflict. Active since October 2023, the malware relies on social engineering to gain access to WhatsApp, location data, and personal files.

Ricochet Chollima Using KoSpy Android Spyware

Mar 17, 2025 1:34:36 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Android, Spyware, Ricochet Chollima, KoSpy, APT37

Executive Summary

KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.

FireScam Android Malware

Jan 10, 2025 1:36:56 PM / by The Hivemind posted in Threat Bulletin, Android, Stealer, Spyware, FireScam

Executive Summary

FireScam is a sophisticated Android malware family that is disguised as a Telegram Premium app. It has both infostealer and spyware capabilities.

Mandrake Android Spyware

Aug 5, 2024 2:46:26 PM / by The Hivemind posted in Threat Bulletin, Android, Spyware, Mandrake, APK

Executive Summary

A new version of Mandrake Android spyware was observed being distributed by multiple Android APKs on the Google Play store earlier this year.

New CapraRAT Activity

Jul 12, 2024 2:44:05 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, CapraRAT, Spyware, Mobile, Surveillance

Executive Summary

The Pakistan-based threat actor group Mythic Leopard was recently observed using new CapraRAT samples to expand its targeting.

Cuckoo: Part Infostealer, Part Spyware

May 13, 2024 2:20:01 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Spyware, MacOS, Cuckoo

Executive Summary

Cuckoo is a recently discovered infostealer and spyware hybrid targeting macOS systems.

VajraSpy Android Spyware

Feb 20, 2024 12:02:15 PM / by The Hivemind posted in Threat Bulletin, APT, Android, Malware, Spyware, Mobile, VajraSpy

Executive Summary

RatMilad Android Spyware

Oct 17, 2022 11:17:37 AM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Spyware, RatMilad

Executive Summary

Zimperium recently reported on RatMilad, spyware targeting Android devices.
