Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Vampire Bot Go malware activity

Malware Activity
First reported
Last updated
Happening score
H score 28
2 unique sources, 2 articles

Summary

Hide ▲

BatShadow, a Vietnam-based threat group, is using phishing emails and ZIP archives to target job seekers and digital marketing professionals with Vampire Bot malware. The Go-based malware is built for continuous desktop surveillance, screenshots, and data theft, and it also checks in with a C2 server to receive commands and additional payloads. Aryaka said the campaign uses job-application lures to blend malicious activity into normal-looking workflow traffic.

Related Happenings

Webworm EchoCreep and GraphWorm backdoor expansion

Malware Activity
First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** expanded its malware arsenal in **2025** with the custom backdoors **EchoCreep** and **GraphWorm**, increasing its ability to run stealthy **command-and-control** oper...

Open Happening

TCLBANKER banking trojan activity targeting 59 financial platforms

Malware Activity
First: 08.05.2026 21:12 Last: 08.05.2026 21:12 Sources 1

About this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...

Open Happening

Vidar infostealer market rise and distribution expansion

Malware Activity
First: 28.04.2026 22:07 Last: 28.04.2026 22:07 Sources 1

About this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...

Open Happening

LofyGang Minecraft LofyStealer campaign

Campaign
First: 28.04.2026 20:39 Last: 28.04.2026 20:39 Sources 1

About this happening: The **LofyGang** crew has re-emerged with a **Minecraft-player targeting** operation that uses **LofyStealer (GrabBot)**, increasing the risk of **credential and payment-data thef...

Open Happening

Nexcorium Mirai botnet activity on TBK DVR devices

Malware Activity
First: 18.04.2026 09:01 Last: 18.04.2026 09:01 Sources 1

About this happening: **Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...

Open Happening

Timeline

  1. 07.10.2025 20:04 3 articles · 7mo ago

    BatShadow delivers Vampire Bot through fake job documents

    Initial Disclosure

    BatShadow, described as a Vietnamese threat actor, uses recruiter impersonation and booby-trapped job documents to push job seekers and digital marketing professionals toward a Go-based malware called Vampire Bot. The delivery chain uses ZIP archives, malicious LNK files, PowerShell, fake Microsoft Edge download prompts, and a disguised payload such as Marriott_Marketing_Job_Description.pdf.exe; once installed, the malware can profile the host, steal information, capture screenshots, and contact api3.samsungcareers[.]work for commands or additional payloads.

    Show sources
    Open in new tab