The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Cuckoo: Part Infostealer, Part Spyware

May 13, 2024 2:20:01 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Spyware, MacOS, Cuckoo

Executive Summary

Cuckoo is a recently discovered infostealer and spyware hybrid targeting macOS systems.

Cuttlefish Targeting SOHO Routers

May 10, 2024 2:07:32 PM / by The Hivemind posted in Threat Bulletin, China, Cuttlefish, HiatusRat, SOHO routers

Related Families: HiatusRat
Targeted Verticals: Telecommunications, Various

Executive Summary

Cuttlefish is a recently discovered modular malware platform observed targeting networking equipment, including enterprise-grade SOHO routers.

Brokewell Android Banking Trojan

May 6, 2024 2:48:46 PM / by The Hivemind posted in Threat Bulletin, Financial, Android, Trojan, Banker, Banking Trojan, Baron Samedit, Brokewell

Verticals Targeted: Financial

Executive Summary

Brokewell is a newly discovered Android banking trojan with Device Takeover capabilities. Despite being a newcomer to the threat landscape, Brokewell poses a significant threat to the banking industry.

CoralRaider's Stealer Spree

May 3, 2024 1:53:10 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, LummaC2, Rhadamanthys, CryptBot, CoralRaider

Related Families: CryptBot, LummaC2, Rhadamanthys
Verticals Targeted: Technology, Defense

Executive Summary

The threat actor group CoralRaider was recently observed on a stealer spree distributing three infostealers: CryptBot, LummaC2, and Rhadamanthys.

VooDoo Bear's Kapeka Backdoor Targets Critical Infrastructure

Apr 26, 2024 2:28:37 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, ICS, Energy, VooDoo Bear, Kapeka

Related Families: GreyEnergy, Prestige
Verticals Targeted: Critical Infrastructure

Executive Summary

Kapeka, also known as KnuckleTouch, is a novel backdoor used by VooDoo Bear to target entities in Eastern Europe.

Cerber Ransomware Linux Variant Exploiting CVE-2023-22518

Apr 22, 2024 2:02:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cerber, CVE-2023-22518, Confluence

Related Families: Effluence

Executive Summary

A Linux variant of Cerber ransomware was observed exploiting CVE-2023-22518, a vulnerability affecting Atlassian Confluence.

Operation MidnightEclipse Leverages CVE-2024-3400

Apr 19, 2024 12:54:33 PM / by The Hivemind posted in Threat Bulletin, UPSTYLE, Operation MidnightEclipse, CVE-2024-3400

Related Families: UPSTYLE

Executive Summary

Since late March 2024, a threat actor dubbed UTA0218 has been leveraging a zero-day exploit of CVE-2024-3400.

DarkGate

Apr 15, 2024 3:29:16 PM / by The Hivemind posted in Threat Bulletin, Loader, DarkGate, CVE-2023-36025, CVE-2024-21412

Verticals Targeted: Financial

Executive Summary

DarkGate was observed in early 2024 in a campaign leveraging CVE-2024-21412 to target entities in the financial vertical.