ANY.RUN
Empowering businesses with proactive security solutions: Interactive Sandbox, TI Lookup and Feeds.
Official web: https://any.run Sign up: https://app.any.run/#register
#ANYRUN's August updates:
🔗 New connectors for Microsoft Sentinel & OpenCTI
🐧 SDK upgrade with Linux Debian ARM support
⚑ 2,200+ new detection rules for broader coverage

👉 See how these upgrades boost detection.
🚨 Salty2FA is a new phishkit linked to Storm-1575. Active since June, it bypasses 2FA methods, giving attackers access beyond stolen creds.

With its unique domain pattern and multi-stage execution chain, it targets finance, energy, telecom and more.

👉 Read analysis.
Top 10 last week's threats by uploads 🌐
⬇️ #Lumma 746 (796)
⬆️ #Xworm 521 (407)
⬇️ #Quasar 388 (470)
⬇️ #Agenttesla 342 (344)
⬆️ #Vidar 282 (260)
⬆️ #Remcos 272 (169)
⬆️ #Hijackloader 267 (90)
⬇️ #Stealc 228 (229)
⬇️ #Dcrat 219 (245)
⬇️ #Amadey 200 (227)

👉 Track them all.
#Top10Malware
🚨 ACR Stealer is a rising MaaS that steals credentials, crypto wallets and business data while evading defenses.

Its distribution has surged in 2025, targeting both enterprises and individuals.

👉 See how it works and how threat intelligence helps stop it.
🐟 Phishing activity in the past 7 days.
Track latest phishing threats in TI Lookup, now available for free.
πŸ‘¨β€πŸ’» TI Lookup gives your SOC/DFIR instant access to live threat data and real-world attack context, helping optimize detection and response.

95% of teams already speed up investigations.
πŸ” Start for free.
🚀 #ANYRUN's TI Feeds now integrate with IBM QRadar SIEM.

Cut MTTR/D, boost KPIs & optimize SOC ROI.

👉 Achieve stronger security and business results now.
Evasive malware tactics bypass traditional defenses 🚨

Join our technical webinar where our experts will walk through real-world cases and share practical detection tips.
 
πŸ“… September 17 | Live session + Q&A
👉 Register and bring your team
🚨 From fake interviews to hijacked open source packages, Lazarus Group escalated its operations in 2025

Discover all active campaigns and malware of this APT and get actionable advice for your SOC to be ready for the next attack. Read now.
🚨 Fileinfectors Evolved: Spreading Ransomware Across Enterprise Networks
⚠️ Fileinfector malware inserts its code into files. These threats once spread mainly through external drives and local systems. Today’s file infectors are mostly hybrid variants, frequently combined with ransomware.

These variants encrypt data and inject malicious code into files, enabling further spread when infected files are executed.

❗️ They are especially dangerous in corporate environments with shared folders, where a single infected file can rapidly spread across the network and cause widespread damage.
Such outbreaks overwhelm security teams, complicate incident response, and disrupt business continuity.

πŸ‘¨β€πŸ’» An optimized SOC that relies on early detection, behavioral analysis, and proactive hunting is critical to limiting impact. Let’s see malware execution on a live system.
πŸ‘‰ See analysis.

In this case, the malware is interacting with multiple files and modifying their content. The infected files became executables, with PE headers confirming injected malicious code.
The analysis revealed hybrid behavior: a fileinfector acting like ransomware, enabling further spread on execution.

πŸ” Use this TI Lookup search query to explore fileinfector activity and enrich IOCs with actionable threat context.
πŸ‘Ύ Gather malware hashes and infected files to power proactive hunting.

Hybrid fileinfectors pose a significant threat to enterprise networks. Leveraging #ANYRUN Sandbox and TI Lookup reduces MTTR by up to 21 minutes per case and gives access to 24x more IOCs from millions of past analyses.

Strengthen resilience and protect critical assets through proactive security with #ANYRUN 🚀 #ExploreWithANYRUN
👾 73% of attacks start with phishing, yet SOC teams often miss early signs. IOC enrichment helps detect them earlier and refine detection rules.

👉 See how context-rich data strengthens proactive defense.
Which artifact is hardest to investigate without context?
Anonymous Poll
Domains & URLs: 19%
File hashes: 46%
IP addresses: 19%
TTPs: 38%
Top 10 last week's threats by uploads 🌐

⬆️ #Lumma 969 (726)
⬆️ #Quasar 399 (381)
⬆️ #Amadey 382 (192)
⬆️ #Redline 376 (179)
⬆️ #Vidar 365 (275)
⬇️ #Agenttesla 291 (336)
⬆️ #Remcos 274 (262)
⬇️ #Xworm 261 (515)
⬆️ #Dcrat 245 (209)
⬆️ #Stealc 233 (224)

👉 Track them all.
#Top10Malware
🚨 How prepared is your SOC for evasive malware?
Get practical tips in our live technical #webinar on September 17.
 
Our experts will break down real cases, from #phishing kits and #ClickFix to Living-Off-the-Land attacks, and share detection methods teams can apply right away.
 
👉 Save your spot.