Recent Ransomware Threats to the Healthcare Vertical
Sep 8, 2025 1:12:36 PM / by The Hivemind posted in Threat Bulletin, US healthcare cybersecurity, ransomware healthcare 2025, healthcare ransomware attacks, hospital cyber threats, healthcare data breaches, ransomware groups 2025, patient data theft, healthcare operational disruptions
Verticals Targeted: Healthcare
Regions Targeted: US, Europe, Worldwide
Related Families: Multiple
PromptLock AI-Powered Ransomware
Sep 5, 2025 2:36:00 PM / by The Hivemind posted in Threat Bulletin, Data Exfiltration, Linux Malware, Windows Malware, file encryption, proof of concept, AI-powered ransomware, PromptLock malware, AI cybersecurity threats, Golang ransomware, Lua scripts, POC
Verticals Targeted: None yet
Regions Targeted: None yet
Related Families: None
Hook Android Banking Trojan Evolves
Sep 2, 2025 12:52:33 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, ransomware overlay, fake NFC overlay, phishing overlay, Accessibility Services abuse, lockscreen bypass, GitHub malware distribution, financial sector threats, Hook banking trojan
Verticals Targeted: Financial, Enterprises
Regions Targeted: Not specified
Related Families: Ermac, Brokewell
Executive Summary
Hook Version 3 is an advanced Android banking trojan with ransomware, phishing, and lockscreen bypass capabilities, posing significant risks to financial institutions and enterprises. Its distribution via phishing websites and GitHub amplifies its reach, necessitating robust mobile threat defenses.
VShell Linux Backdoor
Aug 29, 2025 12:46:41 PM / by The Hivemind posted in Threat Bulletin, Linux Malware, VShell malware, malicious filename, command injection, XOR encryption, Bash payload, remote access backdoor, fileless malware, Snowlight dropper, Linux server security
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: Snowlight dropper
Executive Summary
VShell is a sophisticated Go-based backdoor targeting Linux systems through a novel infection chain that weaponizes filenames in RAR archives. This malware, linked to Chinese APT groups, exploits common shell scripting practices to execute malicious Bash payloads, delivering a stealthy, memory-resident backdoor capable of remote control, file operations, and network tunneling.
GodRAT
Aug 25, 2025 2:36:30 PM / by The Hivemind posted in Threat Bulletin, AsyncRAT, Gh0st RAT, password stealer, shellcode injector, GodRAT, Remote Access Trojan, financial malware, steganography, FileManager plugin
Verticals Targeted: Financial
Regions Targeted: Hong Kong, United Arab Emirates, Lebanon, Malaysia, Jordan
Related Families: AsyncRAT, AwesomePuppet, Gh0st RAT
Executive Summary
GodRAT is a RAT derived from the Gh0st RAT codebase. It was observed targeting financial institutions via malicious .scr and .pif files distributed through Skype. Leveraging steganography and additional plugins like FileManager, GodRAT facilitates credential theft and system exploration.
PS1Bot Malware Framework
Aug 22, 2025 1:48:23 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, Evolving Threat, PS1Bot, malware campaign, information stealer, C# malware, malvertising, cryptocurrency wallet theft, keylogger, in-memory execution, persistence module
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: AHK Bot, Skitnet/Bossnet
Charon Ransomware Targets Middle East
Aug 18, 2025 1:56:06 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, Charon ransomware, Earth Baxia, APT techniques, process injection, anti-EDR, DLL sideloading, Middle East cyber attacks, public sector malware, aviation industry threats, ransomware defense
Verticals Targeted: Public Sector, Aviation
Regions Targeted: Middle East
Related Families: None
Executive Summary
Charon is a new ransomware family employing advanced APT-style techniques, targeting Middle Eastern public sector and aviation organizations with tailored ransom demands. Its sophisticated attack chain, including DLL sideloading and process injection, underscores the growing convergence of ransomware and APT tactics.
Plague Linux Backdoor
Aug 15, 2025 11:28:22 AM / by The Hivemind posted in Threat Hunting, Threat Bulletin, PAM malware, stealthy authentication bypass, Linux backdoor, XOR obfuscation, SSH persistence, Linux security
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None