Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: Campaigns abusing the CaramelAds SDK
Konfety Android Malware
Jul 28, 2025 3:08:29 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Konfety malware, Android evasion techniques, ad fraud operations, secondary DEX files, runtime injection, mobile security analysis, hidden APK components, mobile threat evolution, dynamic code loading, malware obfuscation
Atomic Stealer Evolves
Jul 25, 2025 2:47:25 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, Evolving Threat, Spear Phishing, Cryptocurrency Theft, macOS security, Atomic macOS Stealer, AMOS malware, macOS backdoor, persistent access, Moonlock cybersecurity
Verticals Targeted: Cryptocurrency, Freelancers, Artists
Regions Targeted: United States, France, Italy, United Kingdom, Canada, others
Related Families: None
New macOS.ZuRu Variant Discovered
Jul 22, 2025 3:05:50 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Malware Analysis, Cybersecurity Threat, MacOS malware, ZuRu malware, Termius trojan, macOS security, backdoor threat, SSH client attack, Khepri C2, developer security
Verticals Targeted: IT, software development
Regions Targeted: Not specified
Related Families: None
Executive Summary
A new variant of the macOS.ZuRu backdoor, a family first identified in 2021, has been found in a trojanized build of the Termius SSH client. The repackaged application deploys a modified Khepri C2 beacon and is aimed at developers and IT professionals, who routinely install such tools. It uses several evasion techniques to avoid detection and establishes persistent remote access to the compromised host.
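Because a repackaged build cannot carry the original vendor's Developer ID signature, the cheapest triage check before launching a developer tool like an SSH client is to look at who signed it. The shell script below is an added example for this page, not the bulletin's or any vendor's tooling: it classifies `codesign -dvv` output (ad-hoc, unsigned, Developer ID, or other) and compares the signing identity with the vendor you expect. The vendor string, bundle path and identifiers used are placeholders, not facts about any product.

```shell
# Added example (not from the bulletin): signature triage for a macOS app bundle.
# A trojanized (repackaged) build cannot be signed with the vendor's Developer ID
# key, so an unsigned or ad-hoc-signed developer tool is a red flag worth catching
# before it runs. Vendor names and paths below are assumptions/placeholders.

# classify_signature: reads `codesign -dvv` output on stdin and prints one of
#   developer-id  signed with an Apple-issued "Developer ID Application" certificate
#   adhoc         ad-hoc signature with no certificate chain (codesign prints Signature=adhoc)
#   unsigned      no signature at all (codesign prints "code object is not signed at all")
#   other         signed, but not with a Developer ID (for example a self-signed identity)
classify_signature() {
  text=$(cat)
  if printf '%s\n' "$text" | grep -q 'code object is not signed'; then
    echo unsigned
  elif printf '%s\n' "$text" | grep -q '^Signature=adhoc'; then
    echo adhoc
  elif printf '%s\n' "$text" | grep -q '^Authority=Developer ID Application: '; then
    echo developer-id
  else
    echo other
  fi
}

# signer_of: prints the leaf signing identity ("Name (TEAMID)") from codesign
# output, or nothing when there is no Developer ID authority line.
signer_of() {
  sed -n 's/^Authority=Developer ID Application: //p' | head -n 1
}

# check_app: runs codesign on a bundle (macOS only) and fails unless the bundle
# is Developer ID-signed and the signer starts with the expected vendor string.
# Usage (placeholder vendor): check_app /Applications/Termius.app "Termius Corporation"
check_app() {
  app=$1
  expected=$2
  out=$(codesign -dvv "$app" 2>&1)          # codesign writes its report to stderr
  verdict=$(printf '%s\n' "$out" | classify_signature)
  signer=$(printf '%s\n' "$out" | signer_of)
  case $verdict in
    developer-id)
      case $signer in
        "$expected"*) echo "OK: $app signed by $signer"; return 0 ;;
        *) echo "SUSPICIOUS: $app signed by '$signer', expected '$expected'"; return 1 ;;
      esac ;;
    *) echo "SUSPICIOUS: $app signature is $verdict"; return 1 ;;
  esac
}
```

A Developer ID signature only proves who signed the bundle, not that it is benign, so pair this with `spctl -a -vv /path/to/App.app` (Gatekeeper assessment, which also reports notarization) and compare the hash of the download with the one the vendor publishes.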
Anatsa Android Banking Trojan Targets US Banks
Jul 18, 2025 2:08:41 PM / by The Hivemind posted in Threat Bulletin, Banker, Banking Trojan, Anatsa, Android Malware, overlay attacks, Google Play Store, credential theft, North America, financial fraud, device takeover, mobile banking
Verticals Targeted: Financial
Regions Targeted: US, Canada
Related Families: None
NimDoor macOS Malware
Jul 14, 2025 2:34:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Stealer, Infostealer, Cryptocurrency, social engineering, Stardust Chollima, NimDoor, AppleScript, MacOS malware, Web3, Nim, Zoom phishing
Verticals Targeted: Cryptocurrency
Regions Targeted: Not specified
Related Families: None
Executive Summary
NimDoor is a macOS malware family deployed by North Korea-linked threat actors, most likely Stardust Chollima, against Web3 and cryptocurrency organizations. It is delivered through social engineering built around fake Zoom update prompts and combines Nim and C++ binaries with AppleScript. Once running it uses process injection and WebSocket-based C2 communications to steal sensitive data, and it persists through signal handlers: the malware traps SIGINT and SIGTERM and reinstalls itself when terminated, so responders should stop it with SIGKILL, which cannot be caught, rather than a normal kill.
BERT Ransomware
Jul 11, 2025 2:02:09 PM / by The Hivemind posted in Threat Bulletin, Europe, REvil, Healthcare, Asia, Babuk, Technology, Emerging Threat, PowerShell, Evolving Threat, Event Services, United States, BERT ransomware
Verticals Targeted: Healthcare, Technology
Regions Targeted: Asia, Europe, United States
Related Families: REvil, Babuk
SparkKitty Trojan Targets Mobile Users with Cross-Platform Espionage
Jul 8, 2025 12:50:14 PM / by The Hivemind posted in Threat Bulletin, Android Malware, Cryptocurrency Theft, SparkKitty, iOS malware, App Store, Southeast Asia, SparkCat, Trojan malware, photo exfiltration
Verticals Targeted: Cryptocurrency, Gambling, Adult Entertainment
Regions Targeted: Southeast Asia, China
Related Families: SparkCat
Executive Summary
SparkKitty is a Trojan for iOS and Android distributed both through official app stores and through untrusted websites. Once installed it exfiltrates images from the device's photo gallery, chiefly to capture screenshots of cryptocurrency wallet seed phrases, which users commonly save as pictures. Active since early 2024, it mainly affects users in Southeast Asia and China.
Godfather Evolves With Advanced On-Device Virtualization Capabilities
Jun 30, 2025 1:56:44 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, Godfather Malware, Mobile Banking Trojan, on-device virtualization, cryptocurrency app attacks, accessibility service abuse, overlay attacks, mobile security threats, banking app hijacking
Verticals Targeted: Financial
Regions Targeted: Not specified
Related Families: None