The PolySwarm Blog

Verticals Targeted: NGOs, Policy Advisors, Dissidents
Regions Targeted: Not Specified
Related Families: LOSTKEYS, COLDCOPY, YESROBOT, MAYBEROBOT

Executive Summary

Industry researchers have identified new malware families, including NOROBOT, YESROBOT, and MAYBEROBOT, deployed by the Russian state-sponsored group COLDRIVER, targeting high-value individuals in NGOs, policy advisors, and dissidents. This rapid retooling, observed after the May 2025 disclosure of LOSTKEYS, showcases COLDRIVER’s evolving tactics to evade detection while maintaining aggressive intelligence collection.

Verticals Targeted: Manufacturing, Government, Healthcare, Technology, Retail, Education, Financial, Construction
Regions Targeted: India, US, Europe, Brazil, Canada
Related Families: None

Executive Summary

The EvilAI malware campaign leverages AI-generated code and deceptive applications with valid digital signatures to infiltrate systems globally, targeting critical industries like manufacturing, government, and healthcare. By mimicking legitimate software and employing sophisticated obfuscation, EvilAI evades detection, exfiltrates sensitive data, and maintains persistent control via encrypted C2 communications, posing a significant threat to organizations worldwide.