Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape————————————————————————————————————————————-[Malicious NPM Packages Targeting PayPal Users](https://www.fortinet.com/blog/threat-research/malicious-npm-packages-targeting-paypal-users)[New Malware Variant Identified: ResolverRAT Enters the Maze](https://www.morphisec.com/blog/new-malware-variant-identified-resolverrat-enters-the-maze/)[Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?](https://news.drweb.com/show/)[BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets](https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html)[Gorilla, a newly discovered Android malware](https://catalyst.prodaft.com/public/report/gorilla/overview)[Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis](https://unit42.paloaltonetworks.com/phishing-campaign-with-complex-attack-chain/)[IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia](https://securelist.com/mysterysnail-new-version/116226/)[Unmasking the new XorDDoS controller and infrastructure](https://blog.talosintelligence.com/unmasking-the-new-xorddos-controller-and-infrastructure/)[Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents](https://www.cloudsek.com/blog/byte-bandits-how-fake-pdf-converters-are-stealing-more-than-just-your-documents)[Renewed APT29 Phishing Campaign Against European Diplomats](https://research.checkpoint.com/2025/apt29-phishing-campaign/)[Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks](https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/)[Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware](https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/)[Threat actors misuse Node.js to deliver malware and other malicious payloads](https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/)[Latest Mustang Panda Arsenal: ToneShell and StarProxy -| P1](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-toneshell-and-starproxy-p1)[Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak -| P2](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-paklog-corklog-and-splatcloak-p2)[Around the World in 90 Days: State-Sponsored Actors Try ClickFix](https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix)[Large Language Model (LLM) for Software Security: Code Analysis, Malware Analysis, Reverse Engineering](https://arxiv.org/abs/2504.07137)[Malware analysis assisted by AI with R2AI](https://arxiv.org/abs/2504.07574)[A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques Using Format-Preserving Encryption](https://www.mdpi.com/1424-8220/25/8/2406)[AOAFS: A Malware Detection System Using an Improved Arithmetic Optimization Algorithm](https://www.mdpi.com/2227-7080/13/4/145)Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [**Mastodon**](https://infosec.exchange/@securityaffairs)[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)**(** [**SecurityAffairs**](http://securityaffairs.co/wordpress/)**–** **hacking, newsletter)**
Related Tags:
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 335 – Electrical Equipment
Appliance
Component Manufacturing
NAICS: 519 – Web Search Portals
Libraries
Archives
Other Information Services
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 52 – Finance And Insurance
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 92 – Public Administration
NAICS: 33 – Manufacturing – Metal
Electronics And Other
NAICS: 522 – Credit Intermediation And Related Activities
Associated Indicators: