Related Families: Wroba.o, Xloader
Executive Summary
Kaspersky SecureList recently reported on a Roaming Mantis campaign using Wroba.o with DNS hijacking to infect routers and Android devices.
Key Takeaways
Roaming Mantis Wroba.o Android Malware
Feb 3, 2023 1:20:46 PM / by The Hivemind posted in Threat Bulletin, Android, Shaoye, Xloader, Roaming Mantis, DNS, Wroba.o
Hook Android Banking Trojan
Jan 31, 2023 12:25:40 PM / by The Hivemind posted in Threat Bulletin, Banking, Android, RAT, Trojan, Hook, Ermac, DukeEugene
Related Families: Ermac
Verticals Targeted: Financial
Executive Summary
Threat Fabric recently reported on Hook, an Android banking trojan that is a fork of Ermac.
Malicious Lolip0p PyPI Packages Drop Wacatac
Jan 27, 2023 2:58:20 PM / by The Hivemind posted in Threat Bulletin, PyPI, Supply Chain Attack, Lolip0p, Wacatac
Related Families: Wacatac
Executive Summary
Fortinet recently reported on a supply chain attack in which threat actors leveraged a 0-day attack embedded in three PyPI packages to deliver Wacatac.
Fake Cracked Software Sites Delivering Stealers
Jan 24, 2023 11:02:41 AM / by PolySwarm Tech Team posted in Threat Bulletin, Stealer, Infostealer, Raccoon
Related Families: Raccoon, Vidar
Executive Summary
Sekoia recently reported on a campaign leveraging fake cracked software sites to deliver information stealers, including Raccoon and Vidar.
Recent Turla Activity Targeting Ukraine
Jan 19, 2023 12:39:38 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Venomous Bear, Andromeda, Kopiluwak, Turla, QuietCanary
Related Families: Andromeda, Kopiluwak, QuietCanary
Executive Summary
Mandiant recently reported on a Turla campaign targeting Ukraine. The threat actors used multiple malware families in this campaign, including Kopiluwak, QuietCanary, and Andromeda.
2023 Malware to Watch
Jan 17, 2023 1:31:56 PM / by The Hivemind posted in Threat Bulletin, Malware, 2023, Threat Landscape
Executive Summary
This threat bulletin features PolySwarm’s top malware to watch in 2023, as chosen by our analysts.
PolySwarm's 2023 Analyst Predictions
Jan 12, 2023 12:57:24 PM / by PolySwarm Tech Team posted in Threat Bulletin, Malware, 2023, Predictions, Threat Landscape
Executive Summary
This threat bulletin features PolySwarm analysts’ predictions for the 2023 threat landscape.
Key Takeaways
Godfather Android Banking Trojan
Jan 5, 2023 12:27:16 PM / by PolySwarm Tech Team posted in Threat Bulletin, Banking, Android, Trojan, Mobile, Godfather
Related Families: Anubis
Verticals Targeted: Financial