PolySwarm Main Blog (blog.polyswarm.io)
Verticals Targeted: Defense Manufacturing, Telecommunications, Aerospace
Regions Targeted: Western Europe, Middle East
Related Families: MiniJunk, MiniBrowse
Executive Summary: Nimbus Manticore, an Iranian APT group, has intensified its cyberespionage campaign targeting defense, telecommunications, and aerospace sectors in Western Europe and the Middle East, deploying advanced malware such as MiniJunk and MiniBrowse via sophisticated spear-phishing and DLL sideloading techniques. The group’s...

Verticals Targeted: Not specified
Regions Targeted: None
Related Families: Petya, NotPetya, NotPetyaAgain, RedPetyaOpenSSL
Executive Summary: HybridPetya is a ransomware variant resembling Petya/NotPetya, capable of compromising UEFI-based systems and exploiting CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. While not observed in active campaigns, its advanced capabilities warrant close monitoring by security teams.

Verticals Targeted: Financial
Regions Targeted: Czech Republic, Slovakia
Related Families: NFSkate
Executive Summary: RatOn is a sophisticated Android banking trojan that integrates NFC relay capabilities with remote access and automated transfer functionalities, marking a notable evolution in mobile fraud tactics.

TAG-150 is a sophisticated threat actor that has been deploying CastleLoader, CastleBot, and the newly identified CastleRAT since March 2025, leveraging a multi-tiered infrastructure and advanced phishing tactics.

Verticals Targeted: Not specified
Regions Targeted: NATO countries
Related Families: None

Verticals Targeted: Healthcare
Regions Targeted: US, Europe, Worldwide
Related Families: Multiple
Executive Summary: The healthcare sector in 2025 has endured a persistent wave of ransomware attacks, with threat actors exploiting vulnerabilities to disrupt critical operations and exfiltrate sensitive patient data, underscoring the need for robust defenses against evolving cyber threats.
Hook Version 3 is an advanced Android banking trojan with ransomware, phishing, and lockscreen bypass capabilities, posing significant risks to financial institutions and enterprises. Its distribution via phishing websites and GitHub amplifies its reach, necessitating robust mobile threat defenses.

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: Snowlight dropper
Executive Summary: VShell is a sophisticated Go-based backdoor targeting Linux systems through a novel infection chain that weaponizes filenames in RAR archives. This malware, linked to Chinese APT groups, exploits common shell scripting practices to execute malicious Bash payloads, delivering a stealthy, memory-resident backdoor capable of remote control, file operations, and network tunneling.

Verticals Targeted: Financial
Regions Targeted: Hong Kong, United Arab Emirates, Lebanon, Malaysia, Jordan
Related Families: AsyncRAT, AwesomePuppet, Gh0st RAT
Executive Summary: GodRAT is a RAT derived from the Gh0st RAT codebase. It was observed targeting financial institutions via malicious .scr and .pif files distributed through Skype. Leveraging steganography and additional plugins like FileManager, GodRAT facilitates credential theft and system exploration.

Researchers have uncovered Plague, a previously undetected Linux backdoor masquerading as a malicious Pluggable Authentication Module (PAM) to enable persistent SSH access and authentication bypass.

DCHSpy is an Android surveillanceware linked to Iran’s Static Kitten group, targeting Iranian users with fake VPN and Starlink apps to steal sensitive data amid regional conflict.

A new variant of the macOS.ZuRu malware, first identified in 2021, was discovered, leveraging a trojanized Termius application to deploy a modified Khepri C2 beacon, targeting developers and IT professionals.

NimDoor is a sophisticated macOS malware deployed by North Korea-linked threat actors, likely Stardust Chollima, targeting Web3 and cryptocurrency organizations.

Since April 2025, the BERT ransomware group has targeted organizations in healthcare, technology, and event services across Asia, Europe, and the United States, utilizing PowerShell loaders and multi-threaded encryption.

Escalating tensions following Israel’s “Operation Rising Lion” and US “Operation Midnight Hammer” can potentially trigger retaliatory cyberattacks, with IRGC-linked groups targeting US and Israeli critical infrastructure.