SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape————————————————————————————————————————————-[Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads](https://socket.dev/blog/lazarus-expands-malicious-npm-campaign-11-new-packages-add-malware-loaders-and-bitbucket)[BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs](https://www.lookout.com/threat-intelligence/article/badbazaar-surveillanceware-apt15)[GOFFEE continues to attack organizations in Russia](https://securelist.com/goffee-apt-new-attacks/116139/)[Atomic and Exodus crypto wallets targeted in malicious npm campaign](https://www.reversinglabs.com/blog/atomic-and-exodus-crypto-wallets-targeted-in-malicious-npm-campaign)[Malicious VSCode extensions infect Windows with cryptominers](https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-infect-windows-with-cryptominers/)[Attackers distributing a miner and the ClipBanker Trojan via SourceForge](https://securelist.com/miner-clipbanker-sourceforge-campaign/116088/)[AkiraBot -| AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale](https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/)[Lookout Mobile Threat Landscape Report — 2024 in Review](https://www.lookout.com/threat-intelligence/report/2024-annual-mobile-threat-report)[Exploitation of CLFS zero-day leads to ransomware activity](https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/)[Governments identify dozens of Android apps bundled with spyware](https://techcrunch.com/2025/04/09/governments-identify-dozens-of-android-apps-bundled-with-spyware/)[Newly Registered Domains Distributing SpyNote Malware](https://dti.domaintools.com/newly-registered-domains-distributing-spynote-malware/)[Targeted espionage activity UAC-0226 against innovation centers, government and law enforcement agencies using the GIFTEDCROOK stealer](https://cert.gov.ua/article/6282946)[Shuckworm Targets Foreign Military Mission Based in Ukraine](https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel)[Malware analysis assisted by AI with R2AI](https://arxiv.org/abs/2504.07574)[Malware Detection in Docker Containers: An Image is Worth a Thousand Logs](https://arxiv.org/pdf/2504.03238)[A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques Using Format-Preserving Encryption](https://www.mdpi.com/1424-8220/25/8/2406)[Effective ML-Based Android Malware Detection and Categorization](https://www.mdpi.com/2079-9292/14/8/1486)
Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [**Mastodon**](https://infosec.exchange/@securityaffairs)[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)**(** [**SecurityAffairs**](http://securityaffairs.co/wordpress/)**–** **hacking, newsletter)**

Related Tags:
Aqua Blizzard

NAICS: 54 – Professional

Scientific

Technical Services

NAICS: 923 – Administration Of Human Resource Programs

NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 92 – Public Administration

NAICS: 339 – Miscellaneous Manufacturing

NAICS: 922 – Justice

Public Order

Safety Activities

NAICS: 33 – Manufacturing – Metal

Electronics And Other

Playful Dragon

Associated Indicators:

Threat Intel Solutions

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41

Search

Popular Posts

Dangerous runC flaws could allow hackers to escape Docker containers

Lost iPhone? Don’t fall for phishing texts saying it was found

NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features

Categories

Pages

Archives

Tags

Follow Us