Threat Research

    XWorm v7 RAT is a modular, malware-as-a-service Remote Access Trojan active since 2022, widely adopted by cybercriminals for its ease of deployment and extensive post-compromise capabilities....
    SmokeLoader (also known as Smoke or Dofoil) is a long-standing modular malware loader active since 2011, primarily used to deliver second-stage payloads like trojans, ransomware, and info stealers. It features a plugin-based architecture enabling credential theft, browser hijacking, crypto mining, and DDoS attacks....
    A sophisticated new infostealer and botnet called "Cyber Stealer" was discovered by the Threat Response Unit in May 2025. This multi-functional malware operates on a tiered subscription model with three packages—Regular, Premium, and VIP—offering escalating features from basic stealing to advanced capabilities like DDoS attacks, cryptocurrency mining, and DNS poisoning....
    Hpingbot is a newly discovered, cross-platform botnet family written in Go, actively spreading since June 2025. Designed for Windows, Linux, and IoT devices, it supports multiple architectures including amd64, ARM, MIPS, and 80386. Unlike variants based on Mirai or Gafgyt, Hpingbot is built from scratch, showing advanced innovation and efficiency....
    A critical vulnerability (CVE-2025-3248, CVSS 9.8) in Langflow versions prior to 1.3.0 is being actively exploited to deliver the Flodrix botnet. Attackers leverage this flaw to execute downloader scripts on compromised Langflow servers, enabling full system compromise, DDoS attacks, and potential data exposure....
    "Zombies Never Die: Analysis of the Latest Situation of the Large Botnet AIRASHI" discusses the evolution of the AISURU botnet, which launched a large-scale DDoS attack on Steam and Perfect World in August 2024. After halting its activities in September, the botnet was updated and renamed AIRASHI in November 2024....
    Since the end of 2024, a large-scale IoT botnet, primarily using malware variants from Mirai and Bashlite, has been launching DDoS attacks targeting companies globally, with a significant focus on Japan. The botnet infects devices like wireless routers and IP cameras by exploiting vulnerabilities and weak credentials....