Category: VirusTotal Blog

At VirusTotal, we are closely following how AI agents are evolving and how we can be useful in that space. Part of that is analysis: the new generation of AI-native artifacts (skills, plugins, IDE extensions, agent configs) that attackers are…

Read more →

In part one, we showed how OpenClaw skills are rapidly becoming a supply-chain delivery channel: third-party “automation” that runs with real system access. This second installment expands the taxonomy with five techniques VirusTotal is actively seeing abused through skills, spanning…

Read more →

The fastest-growing personal AI agent ecosystem just became a new delivery channel for malware. Over the last few days, VirusTotal has detected hundreds of OpenClaw skills that are actively malicious. What started as an ecosystem for extending AI agents is…

Read more →

Introduction As part of our commitment to sharing interesting hunts, we are launching these ‘Flash Hunting Findings’ to highlight active threats. Our latest investigation tracks an operation active between January 11 and January 15, 2026, which uses consistent ZIP file…

Read more →

We are excited to announce the launch of Saved Searches in Google Threat Intelligence (GTI) and VirusTotal (VT), a powerful new feature designed to streamline your threat hunting workflows and foster seamless collaboration across your security team. From Campaign to…

Read more →

Introduction We have recently started a new blog series called #VTPRACTITIONERS. This series aims to share with the community what other practitioners are able to research using VirusTotal from a technical point of view. Our first blog saw our colleagues…

Read more →

TL;DR: We ran our new AI-based Mach-O analysis pipeline in production, no metadata, no prior detections, just raw Apple binaries. On Oct 18, 2025, out of 9,981 first-seen samples, VT Code Insight surfaced multiple real Mac and iOS malware cases…

Read more →

This November, we’re celebrating the power of VirusTotal Enterprise search! All VirusTotal customers will enjoy uncapped searches through the GUI — no quota consumption for the entire month so long as it is manual searches via the web interface. Whether…

Read more →

We’re happy to announce a collaboration with Hugging Face, an open platform that fosters collaboration and transparency in AI, to make security insights more accessible to the community. VirusTotal’s analysis results are now integrated directly into the Hugging Face platform,…

Read more →

Introduction One of the best parts of being at VirusTotal (VT) is seeing all the amazing ways our community uses our tools to hunt down threats. We love hearing about your successes, and we think the rest of the community…

Read more →

Introduction One of the best parts of being at VirusTotal (VT) is seeing all the amazing ways our community uses our tools to hunt down threats. We love hearing about your successes, and we think the rest of the community…

Read more →

VirusTotal (VT) was founded on a simple principle: we are all stronger when we work together. Every file shared, every engine integrated, and every rule contributed strengthens our collective defense against cyber threats. In the spirit of that collaboration, and…

Read more →

We’re adding a new specialist to VirusTotal’s Crowdsourced AI lineup: Exodia Labs, with an AI engine focused on analyzing Chrome extension (.CRX) files. This complements our existing Code Insight and other AI contributors by helping users better understand this format…

Read more →

Last week, we were fortunate enough to attend the fantastic LABScon conference, organized by the SentinelOne Labs team. While there, we presented a workshop titled ‘Advanced Threat Hunting: Automating Large-Scale Operations with LLMs.’ The main goal of this workshop was…

Read more →

We are excited to announce that our colleague Joseliyo Sánchez, will be at Labscon to present our workshop: Advanced Threat Hunting: Automating Large-Scale Operations with LLMs. This workshop is a joint effort with SentinelOne and their researcher, Aleksandar Milenkoski.  In…

Read more →

VirusTotal Code Insight keeps adding new file formats. This time, we’re looking at two vector-based formats from very different eras: SWF and SVG. Curiously, right after we rolled out this update in production, one of the very first submitted files…

Read more →

More than two years have passed since we announced the launch of Code Insight at RSA 2023. From that time on, we have been applying this technology in different scenarios, expanding its use in new file formats (1, 2). As we…

Read more →

Spoiler: VirusTotal Code Insight’s preliminary audit flagged nearly 8% of MCP (Model Context Protocol) servers on GitHub as potentially forged for evil, though the sad truth is, bad intentions aren’t required to follow bad practices and publish code with critical…

Read more →

Short note for everyone who already lives and breathes YARA: Victor (aka plusvic) just launched YARA-X 1.0.0. Full details: https://virustotal.github.io/yara-x/blog/yara-x-is-stable/ Audio version of this post, created with NotebookLM Deep Dive Your browser does not support the audio element. What changes…

Read more →

When we launched Code Insight, we started by analyzing PowerShell scripts. Since then, we have been continuously expanding its capabilities to cover more file types. Today, we announce that Code Insight can now analyze a broader range of formats crucial…

Read more →