Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

- [iClicker site hack targeted students with malware via fake CAPTCHA](https://www.bleepingcomputer.com/news/security/iclicker-hack-targeted-students-with-malware-via-fake-captcha/)
- [New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms](https://www.morphisec.com/blog/new-noodlophile-stealer-fake-ai-video-generation-platforms/)
- [Backdoor found in popular ecommerce components](https://sansec.io/research/license-backdoor)
- [Stealthy Linux backdoor leveraging residential proxies and NHAS reverse SSH](https://securebulletin.com/stealthy-linux-backdoor-leveraging-residential-proxies-and-nhas-reverse-ssh/)
- [TerraStealerV2 and TerraLogger: Golden Chickens’ New Malware Families Discovered](https://www.recordedfuture.com/research/terrastealerv2-and-terralogger)
- [I StealC You: Tracking the Rapid Changes To StealC](https://www.zscaler.com/blogs/security-research/i-stealc-you-tracking-rapid-changes-stealc)
- [Malicious PyPI Package Targets Discord Developers with Remote Access Trojan](https://socket.dev/blog/malicious-pypi-package-targets-discord-developers-with-RAT)
- [RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)](https://www.aikido.dev/blog/catching-a-rat-remote-access-trojian-rand-user-agent-supply-chain-compromise)
- [Classic Rock: Hunting a Botnet that preys on the Old](https://blog.lumen.com/black-lotus-labs-helps-demolish-major-criminal-proxy-network/)
- [FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network](https://www.sentinelone.com/labs/freedrain-unmasked-uncovering-an-industrial-scale-crypto-theft-network/)
- [Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS](https://socket.dev/blog/malicious-npm-packages-hijack-cursor-editor-on-macos)
- [MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware](https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html)
- [LockBit ransomware gang hacked, victim negotiations exposed](https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/)
- [Ransomware Attackers Leveraged Privilege Escalation Zero-day](https://www.security.com/threat-intelligence/play-ransomware-zero-day)
- [COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs](https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos)
- [Dynamic Graph-based Fingerprinting of In-browser Cryptomining](https://arxiv.org/abs/2505.02493)
- [MAL-XSEL: Enhancing Industrial Web Malware Detection with an Explainable Stacking Ensemble Model](https://www.mdpi.com/2227-9717/13/5/1329)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, [newsletter](https://securityaffairs.com/tag/newsletter))

Related Tags:

- TA446
- COLDRIVER
- Callisto Group
- SEABORGIUM
- NAICS: 54 – Professional, Scientific, Technical Services
- NAICS: 81 – Other Services (except Public Administration)
- NAICS: 541 – Professional, Scientific, Technical Services
- NAICS: 52 – Finance And Insurance
- NAICS: 518 – Computing Infrastructure Providers, Data Processing, Web Hosting, Related Services