Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

[Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang](https://securityaffairs.com/wp-content/uploads/2025/05/Sarcoma-Ransomware.pdf)

[RVTools Bumblebee Malware Attack — How a Trusted IT Tool Became a Malware Delivery Vector](https://zerodaylabs.net/rvtools-bumblebee-malware/)

[Malicious ‘Checker’ Packages on PyPI Probe TikTok and Instagram for Valid Accounts](https://socket.dev/blog/malicious-checker-packages-on-pypi-probe-tiktok-and-instagram)

[RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale](https://securitylabs.datadoghq.com/articles/redisraider-weaponizing-misconfigured-redis/)

[Hidden Threats of Dual-Function Malware Found in Chrome Extensions](https://dti.domaintools.com/dual-function-malware-chrome-extensions/)

[Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization](https://thehackernews.com/2025/05/chinese-hackers-deploy-marssnake.html)

[Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations](https://www.ic3.gov/CSA/2025/250521-2.pdf)

[Pure Harm: PureRAT Attacks Russian Organizations](https://securelist.ru/purerat-attacks-russian-organizations/112619/)

[Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer](https://www.microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer/)

[A Brief History of DanaBot, Longtime Ecrime Juggernaut Disrupted by Operation Endgame](https://www.proofpoint.com/us/blog/threat-insight/brief-history-danabot-longtime-ecrime-juggernaut-disrupted-operation-endgame)

[Bumblebee malware distributed via Zenmap, WinMRT SEO poisoning](https://www.bleepingcomputer.com/news/security/bumblebee-malware-distributed-via-zenmap-winmrt-seo-poisoning/)

[60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign](https://socket.dev/blog/60-malicious-npm-packages-leak-network-and-host-data)

[Following the spiders: Investigating Lactrodectus malware](https://expel.com/blog/following-the-spiders-investigating-lactrodectus-malware/)

[TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead](https://www.trendmicro.com/en_us/research/25/e/tiktok-videos-infostealers.html)

[Russian GRU Targeting Western Logistics Entities and Technology Companies](https://media.defense.gov/2025/May/21/2003719846/-1/-1/0/CSA_RUSSIAN_GRU_TARGET_LOGISTICS.PDF)

[A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist](https://news.sophos.com/en-us/2025/05/20/a-familiar-playbook-with-a-twist-3am-ransomware-actors-dropped-virtual-machine-with-vishing-and-quick-assist/)

[From banks to battalions: SideWinder’s attacks on South Asia’s public sector](https://www.acronis.com/en-us/cyber-protection-center/posts/from-banks-to-battalions-sidewinders-attacks-on-south-asias-public-sector/)

[UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware](https://blog.talosintelligence.com/uat-6382-exploits-cityworks-vulnerability/)

[Consistent and Compatible Modelling of Cyber Intrusions and Incident Response Demonstrated in the Context of Malware Attacks on Critical Infrastructure](https://arxiv.org/pdf/2505.16398)

[Malware families discovery via Open-Set Recognition on Android manifest permissions](https://arxiv.org/abs/2505.12750)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)