SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51

The Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Ransomware Gangs Collapse as Qilin Seizes Control 

Dissecting a Python Ransomware distributed through GitHub repositories 

SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play  

Uncovering a Tor-Enabled Docker Exploit 

Threat Actors Modify and Re-Create Commercial Software to Steal Users’ Information 

Resurgence of the Prometei Botnet  

ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware 

GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations

Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor     

OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure

SadFuture: Mapping XDSpy latest evolution 

FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks

UAC-0001 (APT28) Cyber Attacks on Government Agencies Using BEARDSHELL and COVENANT

DeepSeek Deception: Sainbox RAT & Hidden Rootkit Delivery

Cryptominers’ Anatomy: Shutting Down Mining Botnets 

Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages  

Analysis of the latest attack activities of APT-C-06 (DarkHotel) using BYOVD technology 

Taiwan Strait hotspot bait! Wangci organization combines 0day and ClickOnce technology to carry out espionage activities

Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign

Enhancing Malware Detection via RGB Assembly Visualization and Hybrid Deep Learning Models

Analyzing PDFs like Binaries: Adversarially Robust PDF Malware Analysis via Intermediate Representation and Language Model


Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
