Verticals Targeted: None yet
Regions Targeted: None yet
Related Families: None
PromptLock AI-Powered Ransomware
Sep 5, 2025 2:36:00 PM / by The Hivemind posted in Threat Bulletin, Data Exfiltration, Linux Malware, Windows Malware, file encryption, proof of concept, AI-powered ransomware, PromptLock malware, AI cybersecurity threats, Golang ransomware, Lua scripts, POC
VShell Linux Backdoor
Aug 29, 2025 12:46:41 PM / by The Hivemind posted in Threat Bulletin, Linux Malware, VShell malware, malicious filename, command injection, XOR encryption, Bash payload, remote access backdoor, fileless malware, Snowlight dropper, Linux server security
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: Snowlight dropper
Executive Summary
VShell is a sophisticated Go-based backdoor targeting Linux systems through a novel infection chain that weaponizes filenames in RAR archives. This malware, linked to Chinese APT groups, exploits common shell scripting practices to execute malicious Bash payloads, delivering a stealthy, memory-resident backdoor capable of remote control, file operations, and network tunneling.
New Chaos RAT Variants Observed
Jun 16, 2025 1:57:09 PM / by The Hivemind posted in Threat Bulletin, Malware, Data Theft, Evolving Threat, Cybersecurity, Chaos RAT, Remote Administration Tool, Linux Malware, Windows Malware, Phishing Attacks, Cryptocurrency Mining
Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None identified