Malpedia Library

Click here to download all references as Bib-File.•

2026-04-08 ⋅ Black Lotus Labs ⋅ Danny Adamitis, Ryan English
FrostArmada: All thriller, no (malware) filler

2026-04-07 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

2026-04-07 ⋅ IC3 ⋅ CISA, CNMF, Department of Energy (DOE), EPA, FBI, NSA
AA26-097A: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

2026-04-07 ⋅ NCSC UK ⋅ NCSC UK
APT28 exploit routers to enable DNS hijacking operations

2026-04-07 ⋅ Gen Digital ⋅ Jan Rubín, Vojtěch Krejsa
Remus: Unmasking The 64-bit Variant of the Infamous Lumma Stealer
Lumma Stealer Remus Tenzor

2026-04-05 ⋅ 0x3oBAD ⋅ Abdullah Islam
Deep Technical Analysis Of Payload Ransomware Targeting ESXi Environment
Payload

2026-04-01 ⋅ cocomelonc ⋅ cocomelonc
MacOS hacking part 13: sysinfo stealer via VirusTotal API. Simple C example

2026-03-31 ⋅ Google ⋅ Adrian Hernandez, Ashley Zaya, Austin Larsen, Christopher Gardner, Dima Lenz, Michael Rudden, Mon Liclican, Tyler McLellan
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
WAVESHAPER

2026-03-30 ⋅ Synthient ⋅ Synthient
ProxyBox: Socks5Systemz Lives On
Socks5 Systemz

2026-03-29 ⋅ cocomelonc ⋅ cocomelonc
MacOS malware persistence 7: Re-opened applications. Simple C example

2026-03-26 ⋅ ANY.RUN ⋅ khr0x, raptur3
Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud
magecart

2026-03-26 ⋅ Rapid7 ⋅ Rapid7
BPFdoor in Telecom Networks: Sleeper Cells in the Backbone
BPFDoor tsh

2026-03-25 ⋅ ANY.RUN ⋅ Achmad Adhikara, GridGuardGhoul
Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide
Kamasers

2026-03-23 ⋅ Netomize ⋅ Mohamad Mokbel
Detect SnappyClient C&C Traffic Using PacketSmith + Yara-X Detection Module
SnappyClient

2026-03-23 ⋅ Sophos ⋅ Sophos Counter Threat Unit Research Team
NICKEL ALLEY strategy: Fake it ‘til you make it
PylangGhost GolangGhost

2026-03-20 ⋅ IC3 ⋅ FBI, IC3
I-032026-PSA: Russian Intelligence Services Target Commercial Messaging Application Accounts

2026-03-20 ⋅ FBI ⋅ FBI
Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets

2026-03-20 ⋅ cocomelonc ⋅ cocomelonc
MacOS malware persistence 6: PAM module injection. Simple C example

2026-03-20 ⋅ Nextron Systems ⋅ Pezier Pierre-Henri
RegPhantom Backdoor Threat Analysis
RegPhantom

2026-03-19 ⋅ cocomelonc ⋅ cocomelonc
MacOS malware persistence 5: cron jobs. Simple C example