
# ![@virusbtn Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::118059149.png) @virusbtn Virus Bulletin

Virus Bulletin posts on X about $4704t, micro, $zs, whatsapp the most. They currently have XXXXXX followers and XXX posts still getting attention that total XXXXXX engagements in the last XX hours.

### Engagements: XXXXXX [#](/creator/twitter::118059149/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::118059149/c:line/m:interactions.svg)

- X Week XXXXXX +36%
- X Month XXXXXXX +8.50%
- X Months XXXXXXX +49%
- X Year XXXXXXX +21%

### Mentions: XX [#](/creator/twitter::118059149/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::118059149/c:line/m:posts_active.svg)

- X Week XX -XX%
- X Month XX +7.50%
- X Months XXX +7.60%
- X Year XXX +134%

### Followers: XXXXXX [#](/creator/twitter::118059149/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::118059149/c:line/m:followers.svg)

- X Week XXXXXX +0.13%
- X Month XXXXXX +0.30%
- X Months XXXXXX +1.20%
- X Year XXXXXX +1.40%

### CreatorRank: XXXXXXX [#](/creator/twitter::118059149/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::118059149/c:line/m:influencer_rank.svg)

### Social Influence [#](/creator/twitter::118059149/influence)
---

**Social category influence**
[technology brands](/list/technology-brands)  [stocks](/list/stocks)  [luxury brands](/list/luxury-brands)  [automotive brands](/list/automotive-brands)  [finance](/list/finance) 

**Social topic influence**
[$4704t](/topic/$4704t) #7, [micro](/topic/micro) #505, [$zs](/topic/$zs) #56, [whatsapp](/topic/whatsapp), [vpn](/topic/vpn), [notification](/topic/notification), [dove](/topic/dove), [vulnerability](/topic/vulnerability), [protocol](/topic/protocol), [static](/topic/static)

**Top assets mentioned**
[Zscaler Inc (ZS)](/topic/$zs)

### Top Social Posts [#](/creator/twitter::118059149/posts)
---
Top posts by engagements in the last XX hours

"McAfee's Threat Research team uncovers a new Astaroth campaign leveraging GitHub to host malware configurations. Infection starts with a phishing link that downloads a zipped LNK. When executed, it installs Astaroth"  
[X Link](https://x.com/virusbtn/status/1977661587281563744) [@virusbtn](/creator/x/virusbtn) 2025-10-13T09:04Z 60.7K followers, 4918 engagements


"FortiGuard Labs details a Stealit campaign that shifts from Electron installers to the Node.js Single Executable Application feature while still posing as game and VPN installers"  
[X Link](https://x.com/virusbtn/status/1977664055881138494) [@virusbtn](/creator/x/virusbtn) 2025-10-13T09:13Z 60.7K followers, 9429 engagements


"Trend Micro researchers examine the past TTPs used by UNC3886 to get a good understanding of the threat group and enhance the overall defensive posture against similar tactics"  
[X Link](https://x.com/virusbtn/status/1954840152968204612) [@virusbtn](/creator/x/virusbtn) 2025-08-11T09:39Z 60.6K followers, 3580 engagements


"Seqrite Threat Research reports Spanish-language judicial notification lures targeting Colombian users, using SVG, HTA, VBS and PowerShell stages to download and decode a loader, ending with AsyncRAT injected into a legitimate Windows process"  
[X Link](https://x.com/virusbtn/status/1978012710093947289) [@virusbtn](/creator/x/virusbtn) 2025-10-14T08:19Z 60.6K followers, 3919 engagements


"Trend Micro's Dove Chiu & Lucien Chuang uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352 allowing remote code execution and rootkit deployment on unprotected devices"  
[X Link](https://x.com/virusbtn/status/1978743591833854051) [@virusbtn](/creator/x/virusbtn) 2025-10-16T08:43Z 60.7K followers, 4873 engagements


"Trend Micro researchers detail a Crypto24 ransomware campaign mixing legitimate tools with custom malware in coordinated multi-stage attacks to move laterally, persist, evade defences and steal data across Asia, Europe and the US"  
[X Link](https://x.com/virusbtn/status/1956282069606191234) [@virusbtn](/creator/x/virusbtn) 2025-08-15T09:09Z 60.6K followers, 6466 engagements


"Zscaler ThreatLabz identifies a campaign active since early May 2025 targeting Chinese-speaking users that delivers ValleyRAT, FatalRAT & the newly named kkRAT. The blog details the attack chain and kkRAT's features, network protocol, commands & plugins"  
[X Link](https://x.com/virusbtn/status/1966088889338134964) [@virusbtn](/creator/x/virusbtn) 2025-09-11T10:38Z 60.6K followers, 2776 engagements


"Zscaler's ThreatLabz tracks SmokeLoader's return with new 2025-alpha and 2025 builds after the May 2024 Operation Endgame takedown. The builds fix performance-impacting bugs and update artifacts to evade static and behaviour-based detection"  
[X Link](https://x.com/virusbtn/status/1967974200150462543) [@virusbtn](/creator/x/virusbtn) 2025-09-16T15:29Z 60.6K followers, 3336 engagements


"Zscaler ThreatLabz reports two malicious PyPI packages, sisaws and secmeasure, that deliver SilentSync, a Python-based RAT designed to execute remote commands, exfiltrate files, capture screens and steal browser data from Chrome, Brave, Edge and Firefox"  
[X Link](https://x.com/virusbtn/status/1968607386488164361) [@virusbtn](/creator/x/virusbtn) 2025-09-18T09:25Z 60.6K followers, 2413 engagements


"ThreatLabz discovered a multi-stage ClickFix campaign likely affiliated with the Russia-linked APT group COLDRIVER targeting members of Russian civil society. The campaign led to a new downloader BAITSWITCH & a new PowerShell-based backdoor SIMPLEFIX"  
[X Link](https://x.com/virusbtn/status/1973296957386007024) [@virusbtn](/creator/x/virusbtn) 2025-10-01T08:00Z 60.6K followers, 6446 engagements


"Warlock ransomware advertises itself with 'If you want a Lamborghini please contact me'. Trend Micro analyses how it exploits unpatched SharePoint for access, privilege escalation, credential theft, lateral movement and data exfiltration before encryption"  
[X Link](https://x.com/virusbtn/status/1958462357589418247) [@virusbtn](/creator/x/virusbtn) 2025-08-21T09:33Z 60.7K followers, 2820 engagements


"Trend Micro's Nick Dai & Pierre Lee look into the TAOTH campaign targeting users across Eastern Asia, which leveraged an abandoned Sogou Zhuyin IME update server & spear-phishing operations to deliver malware families such as TOSHIS, C6DOOR, DESFY & GTELAM"  
[X Link](https://x.com/virusbtn/status/1961368470370517328) [@virusbtn](/creator/x/virusbtn) 2025-08-29T10:00Z 60.7K followers, 5529 engagements


"Trend Micro researchers Buddy Tancio, Aldrin Ceriola, Khristoffer Jocson, Nusrath Iqra & Faith Higgins analyse a campaign distributing Atomic macOS Stealer (AMOS) in disguised cracked versions of legitimate apps"  
[X Link](https://x.com/virusbtn/status/1963955573684109470) [@virusbtn](/creator/x/virusbtn) 2025-09-05T13:21Z 60.7K followers, 1868 engagements


"Trend Micro details the Gentlemen ransomware group showing advanced tooling to bypass enterprise endpoint protections. TTPs include driver abuse, GPO manipulation, custom anti-AV utilities, privileged account compromise and exfiltration"  
[X Link](https://x.com/virusbtn/status/1965728664798302486) [@virusbtn](/creator/x/virusbtn) 2025-09-10T10:46Z 60.7K followers, 2158 engagements


"Trend Micro details EvilAI, which disguises itself as productivity/AI apps and is signed to appear legitimate. Infections span Europe, the Americas and AMEA, hitting manufacturing, government and healthcare sectors"  
[X Link](https://x.com/virusbtn/status/1966452305764532572) [@virusbtn](/creator/x/virusbtn) 2025-09-12T10:42Z 60.7K followers, 2153 engagements


"Trend Micro researchers identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim's contacts"  
[X Link](https://x.com/virusbtn/status/1974043525797839330) [@virusbtn](/creator/x/virusbtn) 2025-10-03T09:27Z 60.7K followers, 3157 engagements


"The Resecurity HUNTER Team warns of a mass exploitation of CVE-2025-61882 in Oracle E-Business Suite enabling remote code execution. Several victims received extortion emails from Cl0p in late September 2025"  
[X Link](https://x.com/virusbtn/status/1975497068216221984) [@virusbtn](/creator/x/virusbtn) 2025-10-07T09:42Z 60.7K followers, 3318 engagements


"FortiGuard Labs analyses Chaos ransomware, which resurfaced in 2025 with a new C++ variant. The analysis provides a walkthrough of its execution flow, encryption and clipboard hijacking for cryptocurrency, with comparisons to earlier .NET builds"  
[X Link](https://x.com/virusbtn/status/1976206241903898684) [@virusbtn](/creator/x/virusbtn) 2025-10-09T08:40Z 60.7K followers, 3213 engagements


"Threat Research details AdaptixC2, a lightweight open-source C2 with multi-protocol communication, advanced evasion and BOF-based extensibility, confirming XXX active servers in the wild"  
[X Link](https://x.com/virusbtn/status/1976570418191646926) [@virusbtn](/creator/x/virusbtn) 2025-10-10T08:48Z 60.7K followers, 14.5K engagements


"Red Canary tracks macOS stealers in 2024-2025, noting that Poseidon Stealer was sold and rebranded as Odyssey Stealer, which shares significant code and features with Atomic Stealer (aka AMOS)"  
[X Link](https://x.com/virusbtn/status/1978013070040469825) [@virusbtn](/creator/x/virusbtn) 2025-10-14T08:20Z 60.7K followers, 3355 engagements


"Cyble Research and Intelligence Labs observes Android campaigns posing as Indian Regional Transport Office apps, spreading via WhatsApp & SMS to GitHub-hosted APKs & compromised sites, then using phishing pages to collect banking credentials & UPI PINs"  
[X Link](https://x.com/virusbtn/status/1978382454109999316) [@virusbtn](/creator/x/virusbtn) 2025-10-15T08:48Z 60.7K followers, 2034 engagements


"A FortiGuard article examines methodologies employed to identify strategic connections between Winos XXX attack campaigns across Asia, revealing how seemingly unrelated attacks are linked through shared infrastructure, code patterns & operational tactics"  
[X Link](https://x.com/virusbtn/status/1980193328781234468) [@virusbtn](/creator/x/virusbtn) 2025-10-20T08:44Z 60.7K followers, 31.8K engagements
