Verticals Targeted: Not specified
Regions Targeted: US
Related Families: CastleLoader
Verticals Targeted: Healthcare
Regions Targeted: US, Europe, Worldwide
Related Families: Multiple
Executive Summary
The healthcare sector in 2025 has endured a persistent wave of ransomware attacks, with threat actors exploiting vulnerabilities to disrupt critical operations and exfiltrate sensitive patient data, underscoring the need for robust defenses against evolving cyber threats.
Verticals Targeted: Financial, Enterprises
Regions Targeted: Not specified
Related Families: Ermac, Brokewell
Executive Summary
Hook Version 3 is an advanced Android banking trojan with ransomware, phishing, and lockscreen bypass capabilities, posing significant risks to financial institutions and enterprises. Its distribution via phishing websites and GitHub amplifies its reach, necessitating robust mobile threat defenses.
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: Snowlight dropper
Executive Summary
VShell is a sophisticated Go-based backdoor targeting Linux systems through a novel infection chain that weaponizes filenames in RAR archives. This malware, linked to Chinese APT groups, exploits common shell scripting practices to execute malicious Bash payloads, delivering a stealthy, memory-resident backdoor capable of remote control, file operations, and network tunneling.
Verticals Targeted: Financial
Regions Targeted: Hong Kong, United Arab Emirates, Lebanon, Malaysia, Jordan
Related Families: AsyncRAT, AwesomePuppet, Gh0st RAT
Executive Summary
GodRAT is a RAT derived from the Gh0st RAT codebase. It was observed targeting financial institutions via malicious .scr and .pif files distributed through Skype. Leveraging steganography and additional plugins like FileManager, GodRAT facilitates credential theft and system exploration.
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: AHK Bot, Skitnet/Bossnet