[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

# ![@virusbtn Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::118059149.png) @virusbtn Virus Bulletin

Virus Bulletin posts on X about $4704t, iot, future, dove the most. They currently have XXXXXX followers and XXX posts still getting attention that total XXXXX engagements in the last XX hours.

### Engagements: XXXXX [#](/creator/twitter::118059149/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::118059149/c:line/m:interactions.svg)

- X Week XXXXXX +24%
- X Month XXXXXX -XX%
- X Months XXXXXXX +122%
- X Year XXXXXXX +31%

### Mentions: XX [#](/creator/twitter::118059149/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::118059149/c:line/m:posts_active.svg)

- X Week XX +8%
- X Month XX -XX%
- X Months XXX +78%
- X Year XXX +80%

### Followers: XXXXXX [#](/creator/twitter::118059149/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::118059149/c:line/m:followers.svg)

- X Week XXXXXX +0.10%
- X Month XXXXXX -XXXX%
- X Months XXXXXX +0.98%
- X Year XXXXXX +1.40%

### CreatorRank: XXXXXXX [#](/creator/twitter::118059149/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::118059149/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  [stocks](/list/stocks)  [countries](/list/countries)  [cryptocurrencies](/list/cryptocurrencies) 

**Social topic influence**
[$4704t](/topic/$4704t) #7, [iot](/topic/iot), [future](/topic/future), [dove](/topic/dove), [$zs](/topic/$zs), [capabilities](/topic/capabilities), [tru](/topic/tru), [brazil](/topic/brazil), [germany](/topic/germany), [target](/topic/target)

**Top accounts mentioned or mentioned by**
[@cyberalliance](/creator/undefined) [@cryptax](/creator/undefined) [@fortinet](/creator/undefined) [@xme](/creator/undefined) [@softwareclean](/creator/undefined) [@talossecurity](/creator/undefined) [@tccontre18](/creator/undefined) [@eromang](/creator/undefined) [@tera0017](/creator/undefined) [@0xchill](/creator/undefined) [@oct0xor](/creator/undefined) [@2igosha](/creator/undefined) [@rommeljoven17](/creator/undefined) [@forensicitguy](/creator/undefined) [@gossithedog](/creator/undefined) [@johullrich](/creator/undefined) [@micahbabinski](/creator/undefined) [@unmaskparasites](/creator/undefined) [@jamsec](/creator/undefined) [@nzargarov](/creator/undefined)

**Top assets mentioned**
[Zscaler Inc (ZS)](/topic/$zs) [Ethereum (ETH)](/topic/ethereum) [Alphabet Inc Class A (GOOGL)](/topic/$googl)

### Top Social Posts
Top posts by engagements in the last XX hours

"Trend Micro Research observes increased Lumma Stealer activity and notes the malware now uses browser fingerprinting in its command-and-control tactics"  
[X Link](https://x.com/virusbtn/status/1988914263964946618)  2025-11-13T10:18Z 60.4K followers, 4493 engagements


"FortiGuard Labs observed malware named ShadowV2 spreading via IoT vulnerabilities at the end of October during a global disruption of AWS connections. This activity was likely a test run conducted in preparation for future attacks"  
[X Link](https://x.com/virusbtn/status/1994016386499088466)  2025-11-27T12:12Z 60.4K followers, 3046 engagements


"FortiGuard Labs analyses eBPF-based malware where Symbiote and BPFDoor abuse Linux kernel BPF filters. New 2025 variants improve stealth by port-hopping to high UDP ports and supporting IPv6, making these rootkits rare but powerful and hard to detect"  
[X Link](https://x.com/virusbtn/status/1996158638247792982)  2025-12-03T10:04Z 60.4K followers, 5270 engagements


"Trend Micro's Dove Chiu & Lucien Chuang uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices"  
[X Link](https://x.com/virusbtn/status/1978743591833854051)  2025-10-16T08:43Z 60.4K followers, 5071 engagements


"Trend Micro's Junestherry Dela Cruz examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture and several enhancements that warrant attention"  
[X Link](https://x.com/virusbtn/status/1980924032469086569)  2025-10-22T09:07Z 60.4K followers, 5614 engagements


"Zscaler researchers analyse a recent multi-stage attack that started from exploitation of a Windows MMC vulnerability and is attributed to the Water Gamayun APT group"  
[X Link](https://x.com/virusbtn/status/1993619764347044286)  2025-11-26T09:56Z 60.4K followers, 4145 engagements


"Trend Micro researchers share their findings on the Shai-hulud XXX campaign and reveal new functions that weren't observed in its first variant, such as backdoor capabilities"  
[X Link](https://x.com/virusbtn/status/1994340727837307066)  2025-11-28T09:40Z 60.4K followers, 3803 engagements


"SEQRITE APT-Team details a spear-phishing campaign against Russian HR, payroll and internal admin departments using bonus and policy-themed decoys. The chain relies on malicious LNK files, a new DUPERUNNER implant and an AdaptixC2 Beacon for C2"  
[X Link](https://x.com/virusbtn/status/1996533178736193689)  2025-12-04T10:52Z 60.4K followers, 9079 engagements


"Acronis TRU analyses Makop ransomware's updated toolkit with new components, including local privilege escalation exploits and GuLoader for secondary payloads. XX% of observed cases hit Indian organisations, with further victims in Brazil & Germany"  
[X Link](https://x.com/virusbtn/status/1998352380019032542)  2025-12-09T11:21Z 60.4K followers, 1940 engagements


"Unit XX details 01flip, a new Rust-based ransomware family observed in June 2025 targeting a limited set of victims in the Asia-Pacific region"  
[X Link](https://x.com/virusbtn/status/1999061048104513976)  2025-12-11T10:17Z 60.4K followers, 1804 engagements


"FortiGuard Labs observed UDPGangster, a UDP-based backdoor linked to MuddyWater. Recent campaigns use macro-enabled Word lures to target organisations in Turkey, Israel & Azerbaijan, with UDP for command execution, file exfiltration & payload delivery"  
[X Link](https://x.com/virusbtn/status/1996880874684797402)  2025-12-05T09:54Z 60.4K followers, 1671 engagements


"Sophos X-Ops analyses Shanya, a packer-as-a-service favoured by ransomware groups and starting to replace HeartCrypt in their toolkits. The report traces its underground origins, unpacks its code and examines a targeted infection using the service"  
[X Link](https://x.com/virusbtn/status/1997989101245522036)  2025-12-08T11:18Z 60.4K followers, 1841 engagements


"Trend Micro Research reports Water Saci shifting from a PowerShell-based propagation routine to a Python variant that boosts development, improves browser support and error handling, and speeds malware delivery via WhatsApp Web"  
[X Link](https://x.com/virusbtn/status/1995812499946348930)  2025-12-02T11:09Z 60.4K followers, 2449 engagements


"Splunk Threat Research Team analyses CastleRAT, a RAT first seen in March 2025 with Python and compiled C builds. It uses RC4 with a hard-coded key for C2, gathers host details & can download further payloads and open a remote shell for attacker commands"  
[X Link](https://x.com/virusbtn/status/1996879828427919738)  2025-12-05T09:50Z 60.4K followers, 3158 engagements


"Trend Micro Research details a ValleyRAT campaign targeting job seekers via email, hiding behind a weaponized Foxit PDF Reader and using DLL side-loading for initial access. As a RAT, ValleyRAT enables remote control, monitoring and data theft"  
[X Link](https://x.com/virusbtn/status/1996532040083374396)  2025-12-04T10:48Z 60.4K followers, 5598 engagements


"Intel XXX reports new Android banking trojan FvncBot targeting Polish users via a fake mBank security app. It abuses accessibility services for keylogging, employs web injects, screen streaming & HVNC & has a new codebase not tied to leaked source codes"  
[X Link](https://x.com/virusbtn/status/1996882810066645122)  2025-12-05T10:02Z 60.4K followers, 4685 engagements


"LAC's Cyber Emergency Center describes a PlugX campaign by a China-based attack group targeting Japanese transport firms & their subsidiaries. The report analyses new PlugX variants MetaRAT and Talisman PlugX and expands on findings first shared at VB2025"  
[X Link](https://x.com/virusbtn/status/1997988509911552468)  2025-12-08T11:15Z 60.4K followers, 23.1K engagements


"Sysdig TRT details EtherRAT, a sophisticated backdoor dropped through recent React2Shell exploitation. The implant uses Ethereum smart contracts for C2 resolution and multiple Linux persistence mechanisms, going well beyond typical cryptomining payloads"  
[X Link](https://x.com/virusbtn/status/1998350726607622345)  2025-12-09T11:15Z 60.4K followers, 4422 engagements


"Sophos X-Ops details how GOLD BLADE has evolved into a hybrid data-theft & ransomware actor. Recent activity mainly hits Canadian organisations, delivering weaponized resumes via recruitment platforms, using modified RedLoader chains & a custom locker"  
[X Link](https://x.com/virusbtn/status/1998697034849607885)  2025-12-10T10:11Z 60.4K followers, 2052 engagements


"Huntress shows how attackers weaponize trusted AI tools. In an alert triaged by Huntress, the victim had searched clear disk space on macOS, clicked Google results to ChatGPT or Grok, then followed terminal cleanup commands that delivered Amos Stealer"  
[X Link](https://x.com/virusbtn/status/1998698613958906028)  2025-12-10T10:17Z 60.4K followers, 2442 engagements


"Zimperium zLabs identified DroidLock, a new Android ransomware-like app targeting Spanish users. It uses fake system update screens, VNC-based remote control and device admin privileges to lock or wipe phones, capture photos & steal app lock credentials"  
[X Link](https://x.com/virusbtn/status/1999061981723349394)  2025-12-11T10:21Z 60.4K followers, 1473 engagements
