The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Ymir Ransomware

Nov 18, 2024 2:19:58 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Extortion, RustyStealer, Ymir

Related Families: RustyStealer

Executive Summary

Ymir is a new ransomware family that was recently observed encrypting systems previously compromised by RustyStealer. PolySwarm analysts consider Ymir to be an emerging threat.

HellCat Ransomware Targets Energy Giant Schneider Electric

Nov 15, 2024 12:52:13 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Energy, Emerging Threat, Evolving Threat

Related Families: HellDown
Verticals Targeted: Energy

Executive Summary

HellCat ransomware recently targeted French energy giant Schneider Electric. PolySwarm analysts consider HellCat to be an emerging threat.

ToxicPanda Android Banking Trojan

Nov 12, 2024 12:41:07 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banker, Banking Trojan, ToxicPanda, TgToxic

Related Families: TgToxic
Verticals Targeted: Financial 

Executive Summary

ToxicPanda is an Android banking trojan that was first seen in the wild in October 2024. It allows threat actors to steal a victim’s money via account takeover (ATO) using On-Device Fraud (ODF).

NotLockBit Ransomware Targets macOS

Nov 8, 2024 1:45:18 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Windows, LockBit, MacOS, NotLockBit

Executive Summary

NotLockBit is a ransomware family that mimics LockBit. NotLockBit is notable as one of the first fully functional ransomware families to target macOS systems.

FASTCash Linux Variant

Nov 4, 2024 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Linux, FastCash, Payment Switch

Verticals Targeted: Financial 

Executive Summary

A Linux variant of FASTCash "payment switch" malware was recently discovered. This malware is typically used by North Korea-nexus threat actor groups to make unauthorized cash withdrawals from ATMs.

The Evolution of Akira Ransomware

Nov 1, 2024 12:21:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Akira, Evolving Threat

Verticals Targeted: Aerospace, Manufacturing, Professional Services, Scientific and Technical Services, Retail, Construction, Insurance, Telecommunications, Hospitality, and Legal Services

Executive Summary

Akira ransomware is one of the most prolific ransomware families of 2024. Active in the wild since April 2023, Akira has continued to evolve, maintaining its relevance on the threat landscape.

BumbleBee Returns With New Infection Chain

Oct 28, 2024 12:26:54 PM / by The Hivemind posted in Threat Bulletin, Loader, Bumblebee, Operation Endgame, Evolving Threat

Related Families: BazarLoader, BazaLoader

Executive Summary

BumbleBee is a sophisticated loader, first seen in the wild in 2022 as a replacement for BazarLoader. It recently re-emerged with a new infection chain, indicating an evolving threat.

GorillaBot

Oct 23, 2024 11:56:41 AM / by The Hivemind posted in Threat Bulletin, DDoS, Mirai, Emerging Threat, GorillaBot, Gorilla Botnet

Related Families: Mirai
Verticals Targeted: Education, Government, Telecommunications, Financial, Gaming

Executive Summary

Gorilla Botnet, also known as GorillaBot, is a Mirai-based botnet family that recently gained momentum and notoriety.
