Malware 2026
| DATE | NAME | INFO | CATEGORY | SUBCATE |
| 1.6.26 | TencShell | Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware | MALWARE | RAT |
| 29.5.26 | TrollAgent | TrollAgent (Kimsuky Group) infected during the security program installation process | MALWARE | TROJAN |
| 27.5.26 | BTMOB | BTMOB: A stealthy RAT burrowing deep into Android devices | MALWARE | RAT |
| 27.5.26 | Glassworm | Disrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet | MALWARE | WORM |
| 25.5.26 | RemotePE | RemotePE: The Lazarus RAT that lives in memory | MALWARE | RAT |
| 25.5.26 | TrapDoor | TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io | MALWARE | CRYPTO |
| 23.5.26 | SHub | SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain | MALWARE | MacOS |
| 23.5.26 | NPM Stealer | I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformatted). | MALWARE | STEALER |
| 22.5.26 | Showboat | Introducing Showboat: A new malware family taunts defenses and targets international telecom firms | MALWARE | LINUX |
| 20.5.26 | Webworm | Webworm: New burrowing techniques | MALWARE | WORM |
| 20.5.26 | Mikroceen | Mikroceen: Spying backdoor leveraged in high-profile networks in Central Asia | MALWARE | BACKDOOR |
| 17.5.26 | Remus | Remus: Unpacking the 64-bit Evolution of the Lumma Stealer | MALWARE | STEALER |
| 16.5.26 | Angry Spark | A VM-obfuscated backdoor observed on a single machine in the UK, operated for one year, and vanished without a trace. | MALWARE | BACKDOOR |
| 16.5.26 | Gremlin Stealer | This article examines new obfuscation techniques the Gremlin stealer malware uses to conceal malicious payloads within embedded resources. We analyze a variant protected by a sophisticated commercial packing utility that employs instruction virtualization, transforming the original code into a custom, non-standard bytecode executed by a private virtual machine. | MALWARE | STEALER |
| 14.5.26 | BitUnlocker | BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets | MALWARE | TOOL |
| 14.5.26 | PebbleDash-based tools | Kimsuky targets organizations with PebbleDash-based tools | MALWARE | TOOL |
| 14.5.26 | Gamaredon | Gamaredon: Now Downloading via Windows Updates Best Friend “BITS” | MALWARE | LOADER |
| 14.5.26 | GammaLoad | Gamaredon’s infection chain: Spoofed emails, GammaDrop and GammaLoadS | MALWARE | LOADER |
| 12.5.26 | Mini Shai-Hulud | Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack | MALWARE | PYTHON |
| 12.5.26 | TrickMo | New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps | MALWARE | ANDROID |
| 9.5.26 | TCLBANKER | TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook | MALWARE | BANKING |
| 8.5.26 | Plague | ‘Plague’ malware exploits Pluggable Authentication Module to breach Linux systems | MALWARE | EXPLOIT |
| 8.5.26 | PamDOORa | PamDOORa: Analyzing a New Linux PAM-Based Backdoor for Sale on the Dark Web | MALWARE | BACKDOOR |
| 8.5.26 | Quasar Linux | Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities | MALWARE | RAT |
| 8.5.26 | PCPJack | PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale | MALWARE | WORM |
| 7.5.26 | ZiChatBot | While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files. | MALWARE | Python |
| 6.5.26 | CloudZ RAT | CloudZ RAT potentially steals OTP messages using Pheno plugin | MALWARE | RAT |
| 30.4.26 | PromptMink | Claude adds malware to crypto agent | MALWARE | AI |
| 29.4.26 | LofyStealer | LofyStealer: Malware targeting Minecraft players. | MALWARE | STEALER |
| 26.4.26 | fast16 | fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet | MALWARE | FRAMEWORK |
| 26.4.26 | SparkCat | SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play | MALWARE | TROJAN |
| 25.4.26 | FIRESTARTER | The Cybersecurity and Infrastructure Security Agency (CISA) analyzed a sample of FIRESTARTER malware obtained from a forensic investigation. | MALWARE | BACKDOOR |
| 23.4.26 | CanisterSprawl | CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister | MALWARE | PYTHON |
| 23.4.26 | TeamPCP-Style CanisterWorm | Malicious Namastex.ai npm packages appear to replicate TeamPCP-style Canister Worm tradecraft, including exfiltration and self-propagation. | MALWARE | WORM |
| 22.4.26 | LOTUSLITE | LOTUSLITE: Targeted espionage leveraging geopolitical themes | MALWARE | LOADER |
| 22.4.26 | Lotus Wiper | Lotus Wiper: a new threat targeting the energy and utilities sector | MALWARE | WIPER |
| 17.4.26 | PhantomPulse | Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT | MALWARE | RAT |
| 14.4.26 | Mirax | Mirax: a new Android RAT turning infected devices into potential residential proxy nodes | MALWARE | ANDROID RAT |
| 14.4.26 | JanelaRAT | JanelaRAT: a financial threat targeting users in Latin America | MALWARE | RAT |
| 12.4.26 | VENOM | Meet VENOM: The PhaaS Platform That Neutralizes MFA | MALWARE | MALWARE |
| 10.4.26 | PRISMEX | The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. | MALWARE | MALWARE |
| 10.4.26 | Chaos | Darktrace Identifies New Chaos Malware Variant Exploiting Misconfigurations in the Cloud | MALWARE | GO |
| 10.4.26 | LucidRook | New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations | MALWARE | LUA |
| 8.4.26 | ChainShell | ChainShell: MuddyWater’s Russian MaaS Link | MALWARE | SHELL |
| 8.4.26 | ROKRAT | Scarcruft’s ROKRAT Malware: Recent Changes | MALWARE | RAT |
| 3.4.26 | Infiniti Stealer | Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka | MALWARE | MACOS |
| 3.4.26 | CrystalX | A laughing RAT: CrystalX combines spyware, stealer, and prankware features | MALWARE | RAT |
| 2.4.26 | Torg Grabber | Torg Grabber: Anatomy of a New Credential Stealer | MALWARE | STEALER |
| 31.3.26 | AtlasCross RAT | Trust the Tunnel, Get the Trojan: Silver Fox Delivers AtlasCross RAT via Weaponized VPN Installers | MALWARE | RAT |
| 31.3.26 | DeepLoad | DeepLoad Malware Pairs ClickFix Delivery with AI-Generated Evasion | MALWARE | LOADER |
| 30.3.26 | CTRL TOOLKIT | Under CTRL: Dissecting a Previously Undocumented Russian .Net Access Framework | MALWARE | TOOLKIT |
| 28.3.26 | VoidStealer | VoidStealer: Debugging Chrome to Steal Its Secrets | MALWARE | STEALER |
| 27.3.26 | BPFdoor | The strategic positioning of covert access within the world’s telecommunication networks | MALWARE | BACKDOOR |
| 25.3.26 | | GlassWorm Hides a RAT Inside a Malicious Chrome Extension | | WORM |
| 24.3.26 | StoatWaffle | StoatWaffle, malware used by WaterPlum | MALWARE | LOADER |
| 21.3.26 | CanisterWorm | Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets | MALWARE | WORM |
| 21.3.26 | PureLog Stealer | We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques. | MALWARE | STEALER |
| 21.3.26 | KEENADU | Keenadu malware gives an attacker control over a device but appears to be used primarily to facilitate ad fraud | MALWARE | ANDROID |
| 21.3.26 | Scarface Stealer | This week, the SonicWall Capture Labs Threat Research team analyzed a sample of ScarfaceStealer, a Go-compiled information stealer that utilizes sophisticated anti-analysis techniques including: | MALWARE | STEALER |
| 20.3.26 | Speagle | New Malware Targets Users of Cobra DocGuard Software | MALWARE | INFOSTEALER |
| 20.3.26 | Perseus | Perseus: DTO malware that takes notes | MALWARE | ANDROID |
| 16.3.26 | DRILLAPP | Stealthy Backdoor Attack to Real-world Models in Android Apps | MALWARE | ANDROID |
| 15.3.26 | PhantomRaven | The Return of PhantomRaven: Detecting Three New Waves of npm Supply Chain Attacks | MALWARE | PYTHON |
| 15.3.26 | BlackSanta | A Silent Threat Targeting Recruitment Workflows | MALWARE | EDR and AV Killer |
| 15.3.26 | A0Backdoor | New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering | MALWARE | BACKDOOR |
| 14.3.26 | XWorm | XWorm has surged to the #3 global threat, using stealthy memory-only execution and the WinRAR CVE-2025-8088 exploit to bypass traditional security stacks. | MALWARE | WORM |
| 14.3.26 | Remcos RAT | This blog examines a Remcos campaign demonstrating the transition from phishing-based initial access to fully fileless execution. | MALWARE | FILELESS |
| 13.3.26 | Slopoly | A Slopoly start to AI-enhanced ransomware attacks | MALWARE | AI |
| 13.3.26 | VENON | VENON: The First Brazilian Banker RAT in Rust | MALWARE | BANKING RAT |
| 12.3.26 | TAXISPY RAT | TAXISPY RAT: Analysis of TaxiSpy RAT – Russian Banking – Focused Android Malware with Full Remote Control | MALWARE | RAT |
| 12.3.26 | BeatBanker | BeatBanker: A dual‑mode Android Trojan | MALWARE | Android |
| 8.3.26 | GIFTEDCROOK | GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations | MALWARE | STEALER |
| 6.3.26 | BadPaw and MeowMeow | Exposing a Russian Campaign Targeting Ukraine Using New Malware Duo: BadPaw and MeowMeow | MALWARE | LOADER |
| 4.3.26 | Encrypted RAT | Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT | MALWARE | RAT |
| 3.3.26 | BurrowShell | SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh | MALWARE | RAT |
| 1.3.26 | Arkanix | Arkanix Stealer: a C++ & Python infostealer | MALWARE | STEALER |
| 28.2.26 | SURXRAT | Cyble uncovers SURXRAT’s evolution across versions, built on ArsinkRAT code, and now downloading large LLM modules signaling an expansion of its operational capabilities. | MALWARE | AI |
| 27.2.26 | Rekoobe Backdoor | Malicious Go “crypto” Module Steals Passwords and Deploys Rekoobe Backdoor | MALWARE | BACKDOOR |
| 27.2.26 | KazakRAT | While hunting for C2 infrastructure on Censys, we uncovered a suspected state-affiliated cluster targeting Kazakh and Afghan entities in a persistent campaign, with C2 servers active at the time of writing (20th Jan 2026) that have been operating unreported since at least August 2022. | MALWARE | RAT |
| 27.2.26 | DesckVB_RAT | This repository accompanies a full technical report documenting an active malware ecosystem centered around DesckVB RAT, a modular .NET Remote Access Trojan observed in live campaigns in early 2026. | MALWARE | RAT |
| 27.2.26 | Steaelite RAT | Steaelite RAT Enables Double Extortion Attacks from a Single Panel | MALWARE | RAT |
| 27.2.26 | Dohdoor | New Dohdoor malware campaign targets education and health care | MALWARE | BACKDOOR |
| 21.2.26 | Android.Phantom | Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning and video broadcasts to engage in click fraud | MALWARE | ANDROID |
| 21.2.26 | Pulsar RAT | Uncovering a Recent Pulsar RAT Sample in the Wild | MALWARE | RAT |
| 20.2.26 | PromptSpy | PromptSpy ushers in the era of Android threats using GenAI | MALWARE | ANDROID |
| 18.2.26 | Keenadu | Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets | MALWARE | BACKDOOR |
| 17.2.26 | OpenClaw | Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations | MALWARE | AI AGENT |
| 17.2.26 | SmartLoader | SmartLoader Clones Oura Ring MCP to Deploy Supply Chain Attack | MALWARE | LOADER |
| 16.2.26 | RenEngine | The game is over: when “free” comes at too high a price. What we know about RenEngine | MALWARE | ENGINE |
| 15.2.26 | ZeroDayRAT | ZeroDayRAT - New Spyware Targeting Android and iOS | MALWARE | OS |
| 15.2.26 | WAVESHAPER | C++ backdoor that runs as a background daemon, collects host system information, communicates with C2 over HTTP/HTTPS using curl, and downloads and executes follow-on payloads. | MALWARE | BACKDOOR |
| 15.2.26 | HYPERCALL | Golang-based downloader that reads an RC4-encrypted configuration file, connects to C2 over WebSockets on TCP 443, downloads malicious dynamic libraries, and reflectively loads them into memory. | MALWARE | DOWNLOADER |
| 15.2.26 | HIDDENCALL | Golang-based backdoor reflectively injected by HYPERCALL that provides hands-on keyboard access, supports command execution and file operations, and deploys additional malware. | MALWARE | BACKDOOR |
| 15.2.26 | SILENCELIFT | Minimal C/C++ backdoor that beacons host information and lock screen status to a hard-coded C2 server and can interrupt Telegram communications when executed with root privileges. | MALWARE | BACKDOOR |
| 15.2.26 | DEEPBREATH | Swift-based data miner deployed via HIDDENCALL that bypasses macOS TCC protections by modifying the TCC database to gain broad filesystem access and steals keychain credentials, browser data, Telegram data, and Apple Notes data. | MALWARE | MINER |
| 15.2.26 | SUGARLOADER | C++ downloader that uses an RC4-encrypted configuration to retrieve next-stage payloads and was made persistent via a manually created launch daemon. | MALWARE | DAEMON |
| 15.2.26 | CHROMEPUSH | C++ browser data miner deployed by SUGARLOADER that installs as a Chromium native messaging host masquerading as a Google Docs Offline extension and collects keystrokes, credentials, cookies, and optionally screenshots. | MALWARE | MINER |
| 15.2.26 | LummaStealer | LummaStealer Is Getting a Second Life Alongside CastleLoader | MALWARE | STEALER |
| 15.2.26 | CastleLoader | GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries | MALWARE | LOADER |
| 11.2.26 | Koalemos RAT | No Fool's Errand: The Koalemos RAT Campaign | MALWARE | RAT |
| 3.2.26 | Chrysalis Backdoor | The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit | MALWARE | BACKDOOR |
| 2.2.26 | GlassWorm Loader | GlassWorm Loader Hits Open VSX via Developer Account Compromise | MALWARE | LOADER |
| 28.1.26 | Python RAT | Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT | MALWARE | PYTHON |
| 27.1.26 | PeckBirdy | PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups | MALWARE | FRAMEWORK |
| 26.1.26 | KONNI | KONNI Adopts AI to Generate PowerShell Backdoors | MALWARE | POWERSHELL |
| 24.1.26 | DynoWiper | Sandworm behind cyberattack on Poland’s power grid in late 2025 | MALWARE | WIPER |
| 23.1.26 | The Skeleton Key | The Skeleton Key: How Attackers Weaponize Trusted RMM Tools for Backdoor Access | MALWARE | TOOL |
| 21.1.26 | VoidLink | VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun | MALWARE | AI |
| 21.1.26 | Spread rat | Open-Source Python Script Drives Social Media Phishing Campaign | MALWARE | PYTHON |
| 20.1.26 | Evelyn | From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers | MALWARE | Stealer |
| 19.1.26 | ModeloRAT | Dissecting CrashFix: KongTuke's New Toy | MALWARE | RAT |
| 19.1.26 | StealC | UNO reverse card: stealing cookies from cookie stealers | MALWARE | Stealer |
| 17.1.26 | SOLYXIMMORTAL | SolyxImmortal is a Python-based Windows information-stealing malware that combines credential theft, document harvesting, keystroke logging, screen surveillance, | MALWARE | PYTHON |
| 17.1.26 | Gootloader’s | Planned failure: Gootloader’s malformed ZIP actually works perfectly | MALWARE | LOADER |
| 17.1.26 | LOTUSLITE | LOTUSLITE: Targeted espionage leveraging geopolitical themes | MALWARE | BACKDOOR |
| 14.1.26 | VoidLink | Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework | MALWARE | Linux |
| 10.1.26 | RustyWater | Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant | MALWARE | RAT |
| 8.1.26 | NodeCordRAT | Malicious NPM Packages Deliver NodeCordRAT | MALWARE | RAT |
| 5.1.26 | VVS Discord | VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion | MALWARE | STEALER |