Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Vampire Bot Go malware activity

Malware Activity
First reported
Last updated
Happening score
H score 28
2 unique sources, 2 articles

Summary

Hide ▲

BatShadow, a Vietnam-based threat group, is using phishing emails and ZIP archives to target job seekers and digital marketing professionals with Vampire Bot malware. The Go-based malware is built for continuous desktop surveillance, screenshots, and data theft, and it also checks in with a C2 server to receive commands and additional payloads. Aryaka said the campaign uses job-application lures to blend malicious activity into normal-looking workflow traffic.

Related Happenings

JustAskJacky fake AI assistant malware campaign

Campaign
H score33 First: 04.06.2026 17:00 Last: 04.06.2026 17:00 Sources 1

About this happening: The **JustAskJacky** campaign is distributing a fake **AI assistant** that installs a **backdoor**, turning trusted-looking software into a malware delivery path. The operation us...

Open Happening

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
H score41 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...

Open Happening

Webworm EchoCreep and GraphWorm backdoor expansion

Malware Activity
H score28 First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** expanded its malware arsenal in **2025** with the custom backdoors **EchoCreep** and **GraphWorm**, increasing its ability to run stealthy **command-and-control** oper...

Open Happening

TCLBANKER banking trojan activity targeting 59 financial platforms

Malware Activity
H score16 First: 08.05.2026 21:12 Last: 08.05.2026 21:12 Sources 1

About this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...

Open Happening

Vidar infostealer market rise and distribution expansion

Malware Activity
H score33 First: 28.04.2026 22:07 Last: 28.04.2026 22:07 Sources 1

About this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...

Open Happening

Timeline

  1. 07.10.2025 20:04 3 articles · 8mo ago

    BatShadow delivers Vampire Bot through fake job documents

    Initial Disclosure

    BatShadow, described as a Vietnamese threat actor, uses recruiter impersonation and booby-trapped job documents to push job seekers and digital marketing professionals toward a Go-based malware called Vampire Bot. The delivery chain uses ZIP archives, malicious LNK files, PowerShell, fake Microsoft Edge download prompts, and a disguised payload such as Marriott_Marketing_Job_Description.pdf.exe; once installed, the malware can profile the host, steal information, capture screenshots, and contact api3.samsungcareers[.]work for commands or additional payloads.

    Show sources
    Open in new tab