Malpedia Library

Click here to download all references as Bib-File.•

2025-06-18 ⋅ Cisco Talos ⋅ Vanja Svajcer
Famous Chollima deploying Python version of GolangGhost RAT
GolangGhost PylangGhost GolangGhost

2025-06-18 ⋅ Check Point Research ⋅ Antonis Terefos, Jaromír Hořejší
Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data

2025-06-18 ⋅ Elastic ⋅ Salim Bitam
A Wretch Client: From ClickFix deception to information stealer deployment
HijackLoader Lumma Stealer SectopRAT

2025-06-18 ⋅ Huntress Labs ⋅ Alden Schmidt, Jonathan Semon, Stuart Ashenbrenner
Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion

2025-06-17 ⋅ Palo Alto Networks Unit 42 ⋅ Dominik Reichel
Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation
KimJongRat

2025-06-17 ⋅ DARKReading ⋅ James Shank
Operation Endgame: Do Takedowns and Arrests Matter?
BumbleBee Emotet Pikabot SmokeLoader TrickBot

2025-06-16 ⋅ Proofpoint ⋅ Jeremy Hedges, Proofpoint Threat Research Team, Tommy Madjar
Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication
ACR Stealer Amatera

2025-06-16 ⋅ HarfangLab ⋅ HarfangLab CTR
SadFuture: Mapping XDSpy latest evolution
XDSpy

2025-06-16 ⋅ Trend Micro ⋅ Aira Marcelo, Gabriel Nicoleta, Jovit Samaniego, Mohamed Fahmy
Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub

2025-06-14 ⋅ abuse.ch ⋅ abuse.ch
MalwareBazaar | SalatStealer
SalatStealer

2025-06-13 ⋅ Recorded Future ⋅ Recorded Future
GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT
PowerNet

2025-06-13 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet about APT27 SysUpdate activity
HyperSSL HyperSSL

2025-06-13 ⋅ Recorded Future ⋅ Insikt Group
GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT
EugenLoader POWERTRASH NetSupportManager RAT

2025-06-12 ⋅ Aikido ⋅ Charlie Eriksen
A deeper look into the threat actor behind the react-native-aria attack
JADESNOW

2025-06-12 ⋅ Check Point Research ⋅ Check Point
From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery
AsyncRAT Skuld

2025-06-12 ⋅ Infoblox ⋅ Infoblox Threat Intelligence Group
Vexing and Vicious: The Eerie Relationship between WordPress Hackers and an Adtech Cabal
DollyWay

2025-06-12 ⋅ CitizenLab ⋅ Bill Marczak, John Scott-Railton
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted

2025-06-12 ⋅ Symantec ⋅ Carbon Black, Threat Hunter Team
Fog Ransomware: Unusual Toolset Used in Recent Attack
Fog

2025-06-12 ⋅ cocomelonc ⋅ cocomelonc
MacOS hacking part 1: stealing data via legit Telegram API. Simple C example

2025-06-10 ⋅ Twitter (@threatinsight) ⋅ Threat Insight
Tweet regarding Aurotun / MonsterV2
MonsterV2