SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Malware Newsletter

More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers  

A VBScript campaign distributed through WhatsApp deploying RMM software 

Lost in relocation: analysis of a new loader distributing CASTLESTEALER  

PSA: Supply Chain Compromise Targets ShapedPlugin, Backdoored Pro Plugins Distributed via Official Channels

From PostCSS Masquerading to Windows RAT  

Prinz Eugen ransomware: a deep dive into a new Go-based encryptor

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet      

Backdoor.Mistic: New Backdoor May be Linked to Ransomware Access Broker  

ESET takes part in Operation Endgame to disrupt Amadey and Stealc 

StealC you later: Proofpoint and IBM X-Force support Operation Endgame disruptions 

Backdoor.Mistic: New Backdoor May be Linked to Ransomware Access Broker 

macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox 

Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem  

CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure  

DroidBreaker: Practical and Functional Problem-Space Attacks on Machine-Learning Android Malware Detectors

Burnyard: Future of Malware Analysis

Consistent and Compatible Modelling of Cyber Intrusions and Incident Response Demonstrated in the Context of Malware Attacks on Critical Infrastructure

An Explainable Hybrid Pipeline for Malware Classification: Benchmark Construction, Feature Reduction, and Security-Oriented Evaluation

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)