The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PXA Stealer

Nov 22, 2024 1:54:18 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, PXA Stealer, Vietnam

Verticals Targeted: Government, Education

Executive Summary

PXA Stealer was used in an information-stealing campaign targeting entities in the government and education sectors, located in Europe and Asia.

Cthulhu MacOS Stealer

Aug 30, 2024 2:09:06 PM / by The Hivemind posted in Threat Bulletin, Stealer, MacOS, Cthulhu

Related Families: Atomic Stealer

Executive Summary

Cthulhu is a stealer malware targeting MacOS systems. First observed in 2023, this malware-as-a-service (MaaS) is capable of targeting both x86_64 and ARM architectures.

FickleStealer

Jun 28, 2024 3:08:23 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, FickleStealer

Executive Summary

FickleStealer is a Rust-based stealer that targets Windows devices. It is distributed in a variety of ways and steals information, likely with the intent of using the information for follow-on attacks.

Ebury Compromised 400K Linux Servers

May 20, 2024 2:59:44 PM / by The Hivemind posted in Threat Bulletin, Stealer, Linux, Backdoor, Cryptocurrency, Ebury, HelimodSteal, HelimodProxy, HelimodRedirect

Related Families: HelimodSteal, HelimodProxy, HelimodRedirect

Executive Summary

A longstanding botnet campaign is known to deliver Ebury, an OpenSSH backdoor and credential stealer.

CoralRaider's Stealer Spree

May 3, 2024 1:53:10 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, LummaC2, Rhadamanthys, CryptBot, CoralRaider

Related Families: CryptBot, LummaC2, Rhadamanthys
Verticals Targeted: Technology, Defense

Executive Summary

The threat actor group CoralRaider was recently observed on a stealer spree, distributing three infostealers: CryptBot, LummaC2, and Rhadamanthys.

StrelaStealer Campaign Targeted US and EU

Apr 1, 2024 2:28:11 PM / by The Hivemind posted in Threat Bulletin, Government, Stealer, Energy, Manufacturing, Legal Services, Insurance, Construction, StrelaStealer, Email, Finance

Verticals Targeted: Technology, Finance, Legal Services, Manufacturing, Government, Energy, Insurance, Construction

Executive Summary

StrelaStealer was recently used in a widespread campaign targeting over 100 entities in the US and EU. The newest version of StrelaStealer is more advanced than previous versions and includes features to help thwart analysis.

Rhadamanthys Targeting ONG Sector

Mar 8, 2024 1:36:26 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Stealer, Phishing, Energy, ONG, Oil & Gas, Rhadamanthys

Verticals Targeted: Oil & Gas, Energy, Critical Infrastructure

LummaC2

Dec 1, 2023 12:48:51 PM / by The Hivemind posted in Threat Bulletin, Stealer, LummaC2, Lumma

Executive Summary

A new variant of LummaC2 was observed using a unique trigonometry-based anti-sandboxing technique.
