The PolySwarm Blog

Verticals Targeted: Military, Law Enforcement, Government
Regions Targeted: Ukraine

Executive Summary

The Computer Emergency Response Team of Ukraine (CERT-UA) has identified a new phishing campaign by UAC-0226, deploying the GIFTEDCROOK stealer through malicious Excel files to compromise Ukrainian institutions. This operation targets sensitive data from military, law enforcement, and local government entities, leveraging socially engineered lures for execution.

Related Families: SmokeLoader, Rhadamanthys  

Verticals Targeted: Financial

Executive Summary

Crocodilus is a newly identified Android banking Trojan that exhibits advanced device-takeover capabilities and targets financial institutions and cryptocurrency wallets. Already operational in Spain and Turkey, this malware showcases a mature feature set that challenges traditional defenses, marking a significant evolution in mobile threats.

Related Families: Remcos

Executive Summary

Primitive Bear has been observed targeting Ukrainian users with malicious LNK files since at least November 2024. This operation employs a PowerShell downloader and DLL side-loading techniques to deliver the Remcos RAT, exploiting war-related themed lures to deceive victims.

Executive Summary

VanHelsing is an emerging ransomware threat. VanHelsing targets an expansive array of platforms, including Windows, Linux, BSD, ARM, and ESXi systems, positioning it as a versatile threat across diverse IT environments.

Related Families: RansomHub
Verticals Targeted: Healthcare, Government, Critical Infrastructure 

Executive Summary

StilachiRAT is a newly discovered remote access trojan (RAT) that employs advanced evasion techniques to conduct system reconnaissance, steal credentials, and target cryptocurrency wallets.

Executive Summary

KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.