Global Malware Campaign Activity – August 2025 Summary


Malware campaigns remain one of the most disruptive forces facing organizations today, driving operational outages, financial losses, and large-scale data theft. The ThreatMon August 2025 General Malware Campaign Summary Report highlights how adversaries continue to evolve: abusing trust, hijacking legitimate platforms, and deploying stealthy malware to […]

Retro-C2: A New Breed of Open-Source Remote Access Trojan


In the ever-expanding threat landscape of 2025, a new malware toolkit is drawing widespread attention: Retro-C2. Developed by a Turkish-speaking threat actor known as ZeroTrace, this C++-based Remote Access Trojan (RAT) and infostealer is not just another commodity tool—it’s a modular, stealthy, and dangerously accessible […]

Inside Godfather: A Modern Mobile Trojan


Inside the Godfather Android Malware: How Cybercriminals Hijack Real Apps to Steal Your Money. The Android threat landscape has entered a new phase—and Godfather is leading the charge. This advanced banking trojan doesn’t just mimic financial apps—it runs the real ones in a hidden virtual environment and silently siphons off credentials, OTPs, and session […]

Inside GOGLoader: The Stealthy Malware Loader Challenging Modern Defenses

ThreatMon’s Malware Research & Development team has uncovered the inner workings of GOGLoader, a sophisticated hybrid malware loader sold as Malware-as-a-Service (MaaS). This loader seamlessly combines native C++ components with .NET payloads, offering cybercriminals a flexible and powerful toolkit for stealthy, persistent attacks. Why […]

Understanding Pulsar RAT: A Closer Look at a Powerful Remote Access Tool


Pulsar RAT is a powerful and flexible tool that shows how cyber threats are evolving. In recent years, the cybersecurity space has seen a proliferation of tools that are both useful and dangerous, depending on who is using them. Pulsar RAT is one […]

SpyMax Variant Targeting Chinese-Speaking Users


In early 2025, our threat intelligence team analyzed a highly sophisticated Android spyware disguised as the official application of the Chinese Prosecutor’s Office (检察院). What we uncovered was a deeply invasive mobile surveillance tool—an advanced variant of the SpyMax/SpyNote family—targeting Chinese-speaking users across mainland China and Hong Kong. […]

How to Detect and Respond to Stealer Log Incidents: 10 Tips


This article is about ‘How to Detect and Respond to Stealer Log Incidents: 10 Tips’. Introduction: Stealer logs are a growing cybersecurity threat, leaking sensitive data such as login credentials, session cookies, and financial information. Instead of breaking in, cybercriminals increasingly rely on stolen data to gain unauthorized access. The good news? […]

Amnesia Stealer


The Amnesia Stealer is a sophisticated and dangerous piece of malware. In the current digital environment, cybercriminals are constantly updating their strategies, using fresh technologies to get around security measures and access systems. The Amnesia Stealer has recently been added to their arsenal, garnering global attention from […]

X-ZIGZAG RAT


Unraveling the Tactics of a Sophisticated RAM-Based Threat. Cyber threats continue to evolve, and one of the most recent and sophisticated examples is the X-ZIGZAG RAT. Detected by ThreatMon in 2024, this malware targets Windows systems using advanced techniques to evade detection, such as operating entirely in RAM and employing complex sandbox and virtual […]

Ailurophile Stealer: A Threatening Information Stealer Malware


This blog summarizes the Ailurophile Stealer Technical & Malware Analysis Report. It explains the technical analysis in detail and how one can defend against the threat. What is Ailurophile Stealer? Ailurophile Stealer is an advanced information-stealing malware that first appeared on ThreatMon on August 15, 2024. The malware is hosted on publicly accessible domains: ailurophilestealer[.]com […]

Kematian Stealer Technical Analysis

In the ever-evolving world of cybersecurity, new threats emerge constantly, challenging our defenses and requiring continuous vigilance. One such threat that has recently come to light is the “Kematian Stealer,” an advanced information-stealing malware. ThreatMon’s Kematian Stealer Technical Analysis Report aims to provide an in-depth analysis of this potent malware, its features, and the […]

Navigating the Threat Landscape: Stealer Logs and Their Impact on Security


The new era of the digital domain has brought the world closer together in unprecedented ways, offering a level of ease and expedience that has never before been possible. However, it has also created its own unique set of security-related problems, including one of the most serious and evolving kinds: stealer logs. What […]

PyPI Package ‘secretslib’ Drops Fileless Cryptominer to Linux Systems


A PyPI package named “secretslib”, which describes itself as “secret mapping and verification made easy”, has been identified by Sonatype. The package secretly runs cryptominers in the memory of the Linux machine, a technique widely used by fileless malware and cryptominers. Secretslib […]

Kaspersky Published a Report on Malicious Browser Extensions


Kaspersky’s report highlights the rise of malicious browser extensions that steal cryptocurrency and perform web injects. Kaspersky analyzed threat statistics by processing data voluntarily shared by its users for the period from January 2020 to June 2022. According to this data, during the first half of this year, 1,311,557 users tried to […]

Akira: Undetectable Stealer Unleashed


Introduction: A new stealer named Akira has been put up for sale on Telegram. It has the following features: password grabber, cookies grabber, bookmarks grabber, crypto wallets and 2FA extensions dump (grabs 💸 Zcash, 🚀 Armory, 📀 Bytecoin, 💵 Jaxx, 💎 Exodus desktop/extension, 📉 Ethereum, 🔨 Electrum, 🕹 AtomicWallet, 💹 Guarda, ⚡️ Coinbase, 🦊 […]

ChatGPT and Malware Analysis – ThreatMon


Explore how ChatGPT can assist in malware analysis by generating human-like responses, analyzing code, and providing insights into malicious behaviors. What is ChatGPT? ChatGPT is an AI-driven chatbot launched by OpenAI in November 2022. ChatGPT is a variant of the GPT (Generative Pre-training Transformer) language model that has been fine-tuned for the task […]

TA558 APT Group Uses Malicious Microsoft Compiled HTML Help Files


The TA558 advanced persistent threat (APT) group has been observed using malicious Microsoft Compiled HTML Help (.chm) files to deliver malware payloads, targeting sectors such as hospitality and travel. Who is TA558 APT? TA558, a financially motivated cybercrime group, has been targeting the hospitality, travel, and related industries located in Latin America, North America, and […]

FluBot Android Malware Technical Analysis


Explore the FluBot Android Malware Technical Analysis; FluBot is known for stealing sensitive data through SMS phishing and remote access capabilities. FluBot is an Android malware that spreads to victims via phishing SMS messages containing a malicious link to download the FluBot app. Victims click on this link […]