Malware 2026 2026() 2025() 2024() 2023() 2022() OTHER()
| 3.4.26 | Infiniti Stealer | Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka | MALWARE | MACOS |
| 3.4.26 | CrystalX | A laughing RAT: CrystalX combines spyware, stealer, and prankware features | MALWARE | RAT |
| 2.4.26 | Torg Grabber | Torg Grabber: Anatomy of a New Credential Stealer | MALWARE | STEALER |
| 31.3.26 | AtlasCross RAT | Trust the Tunnel, Get the Trojan: Silver Fox Delivers AtlasCross RAT via Weaponized VPN Installers | MALWARE | RAT |
| 31.3.26 | DeepLoad | DeepLoad Malware Pairs ClickFix Delivery with AI-Generated Evasion | MALWARE | LOADER |
| 30.3.26 | CTRL TOOLKIT | Under CTRL: Dissecting a Previously Undocumented Russian .Net Access Framework | MALWARE | TOOLKIT |
| 28.3.26 | VoidStealer | VoidStealer: Debugging Chrome to Steal Its Secrets | MALWARE | STEALER |
| 27.3.26 | BPFdoor | The strategic positioning of covert access within the world’s telecommunication networks | MALWARE | BACKDOOR |
|
25.3.26 |
GlassWorm Hides a RAT Inside a Malicious Chrome Extension |
WORM |
||
| 24.3.26 | StoatWaffle | StoatWaffle, malware used by WaterPlum | MALWARE | LOADER |
| 21.3.26 | CanisterWorm | Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets | MALWARE | WORM |
| 21.3.26 | PureLog Stealer | We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques. | MALWARE | STEALER |
| 21.3.26 | KEENADU | Keenadu malware gives an attacker control over a device but appears to be used primarily to facilitate ad fraud | MALWARE | ANDROID |
| 21.3.26 | Scarface Stealer | This week, the SonicWall Capture Labs Threat Research team analyzed a sample of ScarfaceStealer, a Go-compiled information stealer that utilizes sophisticated anti-analysis techniques including: | MALWARE | STEALER |
| 20.3.26 | Speagle | New Malware Targets Users of Cobra DocGuard Software | MALWARE | INFOSTEALER |
| 20.3.26 | Perseus | Perseus: DTO malware that takes notes | MALWARE | ANDROID |
| 16.3.26 | DRILLAPP | Stealthy Backdoor Attack to Real-world Models in Android Apps | MALWARE | ANDROID |
| 15.3.26 | PhantomRaven | The Return of PhantomRaven: Detecting Three New Waves of npm Supply Chain Attacks | MALWARE | PYTHON |
| 15.3.26 | BlackSanta | A Silent Threat Targeting Recruitment Workflows | MALWARE | EDR and AV Killer |
| 15.3.26 | A0Backdoor | New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering | MALWARE | BACKDOOR |
| 14.3.26 | XWorm | XWorm has surged to the #3 global threat, using stealthy memory-only execution and the WinRAR CVE-2025-8088 exploit to bypass traditional security stacks. | MALWARE | WORM |
| 14.3.26 | Remcos RAT | This blog examines a Remcos campaign demonstrating the transition from phishing-based initial access to fully fileless execution. | MALWARE | FILELESS |
| 13.3.26 | Slopoly | A Slopoly start to AI-enhanced ransomware attacks | MALWARE | AI |
| 13.3.26 | VENON | VENON: The First Brazilian Banker RAT in Rust | MALWARE | BANKING RAT |
| 12.3.26 | TAXISPY RAT | TAXISPY RAT : Analysis of TaxiSpy RAT – Russian Banking – Focused Android Malware with Full Remote Control | MALWARE | RAT |
| 12.3.26 | BeatBanker | BeatBanker: A dual‑mode Android Trojan | MALWARE | Android |
| 8.3.26 | GIFTEDCROOK | GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations | MALWARE | STEALER |
| 6.3.26 | BadPaw and MeowMeow | Exposing a Russian Campaign Targeting Ukraine Using New Malware Duo: BadPaw and MeowMeow | MALWAREs | LOADER |
| 4.3.26 | Encrypted RAT | Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT | MALWARE | RAT |
| 3.3.26 | BurrowShell | SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh | MALWARE | RAT |
| 1.3.26 | Arkanix | Arkanix Stealer: a C++ & Python infostealer | MALWARE | STEALER |
| 28.2.26 | SURXRAT | Cyble uncovers SURXRAT’s evolution across versions, built on ArsinkRAT code, and now downloading large LLM modules signaling an expansion of its operational capabilities. | MALWARE | AI |
| 27.2.26 | Rekoobe Backdoor | Malicious Go “crypto” Module Steals Passwords and Deploys Rekoobe Backdoor | MALWARE | BACKDOOR |
| 27.2.26 | KazakRAT | While hunting for C2 infrastructure on Censys, we uncovered a suspected state-affiliated cluster targeting Kazakh and Afghan entities in a persistent campaign, with C2 servers active at the time of writing (20th Jan 2026) that have been operating unreported since at least August 2022. | MALWARE | RAT |
| 27.2.26 | DesckVB_RAT | This repository accompanies a full technical report documenting an active malware ecosystem centered around DesckVB RAT, a modular .NET Remote Access Trojan observed in live campaigns in early 2026. | MALWARE | RAT |
| 27.2.26 | Steaelite RAT | Steaelite RAT Enables Double Extortion Attacks from a Single Panel | MALWARE | RAT |
| 27.2.26 | Dohdoor | New Dohdoor malware campaign targets education and health care | MALWARE | BACKDOOR |
| 21.2.26 | Android.Phantom | Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning and video broadcasts to engage in click fraud | MALWARE | ANDROID |
| 21.2.26 | Pulsar RAT | Uncovering a Recent Pulsar RAT Sample in the Wild | MALWARE | RAT |
| 20.2.26 | PromptSpy | PromptSpy ushers in the era of Android threats using GenAI | MALWARE | ANDROID |
| 18.2.26 | Keenadu | Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets | MALWARE | BACKDOOR |
| 17.2.26 | OpenClaw | Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations | MALWARE | AI AGENT |
| 17.2.26 | SmartLoader | SmartLoader Clones Oura Ring MCP to Deploy Supply Chain Attack | MALWARE | LOADER |
| 16.2.26 | RenEngine | The game is over: when “free” comes at too high a price. What we know about RenEngine | MALWARE | ENGINE |
| 15.2.26 | ZeroDayRAT | ZeroDayRAT - New Spyware Targeting Android and iOS | MALWARE | OS |
| 15.2.26 | WAVESHAPER | C++ backdoor that runs as a background daemon, collects host system information, communicates with C2 over HTTP/HTTPS using curl, and downloads and executes follow-on payloads. | MALWARE | BACKDOOR |
| 15.2.26 | HYPERCALL | Golang-based downloader that reads an RC4-encrypted configuration file, connects to C2 over WebSockets on TCP 443, downloads malicious dynamic libraries, and reflectively loads them into memory. | MALWARE | DOWNLOADER |
| 15.2.26 | HIDDENCALL | Golang-based backdoor reflectively injected by HYPERCALL that provides hands-on keyboard access, supports command execution and file operations, and deploys additional malware. | MALWARE | BACKDOOR |
| 15.2.26 | SILENCELIFT | Minimal C/C++ backdoor that beacons host information and lock screen status to a hard-coded C2 server and can interrupt Telegram communications when executed with root privileges. | MALWARE | BACKDOOR |
| 15.2.26 | DEEPBREATH | Swift-based data miner deployed via HIDDENCALL that bypasses macOS TCC protections by modifying the TCC database to gain broad filesystem access and steals keychain credentials, browser data, Telegram data, and Apple Notes data. | MALWARE | MINER |
| 15.2.26 | SUGARLOADER | C++ downloader that uses an RC4-encrypted configuration to retrieve next-stage payloads and was made persistent via a manually created launch daemon. | MALWARE | DEAMON |
| 15.2.26 | CHROMEPUSH | C++ browser data miner deployed by SUGARLOADER that installs as a Chromium native messaging host masquerading as a Google Docs Offline extension and collects keystrokes, credentials, cookies, and optionally screenshots. | MALWARE | MINER |
| 15.2.26 | LummaStealer | LummaStealer Is Getting a Second Life Alongside CastleLoader | MALWARE | STEALER |
| 15.2.26 | CastleLoader | GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries | MALWARE | LOADER |
| 11.2.26 | Koalemos RAT | No Fool's Errand: The Koalemos RAT Campaign | MALWARE | RAT |
| 3.2.26 | Chrysalis Backdoor | The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit | MALWARE | BACKDOOR |
| 2.2.26 | GlassWorm Loader | GlassWorm Loader Hits Open VSX via Developer Account Compromise | MALWARE | LOADER |
| 28.1.26 | Python RAT | Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT | MALWARE | PYTHON |
| 27.1.26 | PeckBirdy | PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups | MALWARE | FRAMEWORK |
| 26.1.26 | KONNI | KONNI Adopts AI to Generate PowerShell Backdoors | MALWARE | POWERSHELL |
|
24.1.26 |
Sandworm behind cyberattack on Poland’s power grid in late 2025 |
WIPER |
||
|
23.1.26 |
The Skeleton Key: How Attackers Weaponize Trusted RMM Tools for Backdoor Access |
TOOL |
||
|
21.1.26 |
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun |
AI |
||
|
21.1.26 |
Open-Source Python Script Drives Social Media Phishing Campaign |
PYTHON |
||
|
20.1.26 |
From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers |
Stealer |
||
|
19.1.26 |
Dissecting CrashFix: KongTuke's New Toy |
RAT |
||
|
19.1.26 |
UNO reverse card: stealing cookies from cookie stealers |
Stealer |
||
|
17.1.26 |
EXECUTIVE SUMMARY SolyxImmortal is a Python-based Windows information-stealing malware that combines credential theft, document harvesting, keystroke logging, screen surveillance, |
PYTHON |
||
|
17.1.26 |
Planned failure: Gootloader’s malformed ZIP actually works perfectly |
LOADER |
||
|
17.1.26 |
LOTUSLITE: Targeted espionage leveraging geopolitical themes |
BACKDOOR |
||
|
14.1.26 |
Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework |
Linux |
||
|
10.1.26 |
Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant |
RAT |
||
|
8.1.26 |
Malicious NPM Packages Deliver NodeCordRAT |
RAT |
||
|
5.1.26 |
VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion |
STEALER |