Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape————————————————————————————————————————————-[60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign](https://socket.dev/blog/60-malicious-npm-packages-leak-network-and-host-data)[Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents](https://www.recordedfuture.com/research/russia-aligned-tag-110-targets-tajikistan-with-macro-enabled)[Inside a VenomRAT Malware Campaign](https://dti.domaintools.com/VenomRAT/)[Fake Google Meet Page Tricks Users into Running PowerShell Malware](https://blog.sucuri.net/2025/05/fake-google-meet-page-tricks-users-into-running-powershell-malware.html)[Dero miner zombies biting through Docker APIs to build a cryptojacking horde](https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/)[PyBitmessage Backdoor Malware Installed with CoinMiner](https://asec.ahnlab.com/en/88109/)[PumaBot: Novel Botnet Targeting IoT Surveillance Devices](https://www.darktrace.com/blog/pumabot-novel-botnet-targeting-iot-surveillance-devices)[GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers](https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers)[Mark Your Calendar: APT41 Innovative Tactics](https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics)[ViciousTrap — Infiltrate, Control, Lure: Turning edge devices into honeypots en masse](https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/)[Threat Intelligence NodeSnake Malware Campaign](https://www.quorumcyber.com/wp-content/uploads/2025/04/20250416-Higher-Education-Sector-RAT-MP.pdf)[The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website](https://research.checkpoint.com/2025/impersonated-kling-ai-site-installs-malware/)[Deep Dive into a Dumped Malware without a PE Header](https://www.fortinet.com/blog/threat-research/deep-dive-into-a-dumped-malware-without-a-pe-header)[Cybercriminals camouflaging threats as AI tool installers](https://blog.talosintelligence.com/fake-ai-tool-installers/)[Mac users beware — fake Ledger apps are being used by hackers to steal seed phrases and hack accounts](https://www.techradar.com/pro/security/mac-users-beware-fake-ledger-apps-are-being-used-by-hackers-to-steal-seed-phrases-and-hack-accounts)[Chasing Eddies: New Rust- based InfoStealer used in CAPTCHA campaigns](https://www.elastic.co/security-labs/eddiestealer)[Enhancing JavaScript Malware Detection through Weighted Behavioral DFAs](https://arxiv.org/abs/2505.21406)[Aurora: Are Android Malware Classifiers Reliable under Distribution Shift?](https://arxiv.org/abs/2505.22843)[A Transductive Zero-Shot Learning Framework for Ransomware Detection Using Malware Knowledge Graphs](https://www.mdpi.com/2078-2489/16/6/458)[Modeling and Analysis in the Industrial Internet with Dual Delay and Nonlinear Infection Rate](https://www.mdpi.com/2079-9292/14/10/2058)Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, malware)
Related Tags:
Brass Typhoon
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 334 – Computer And Electronic Product Manufacturing
NAICS: 517 – Telecommunications
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 33 – Manufacturing – Metal
Electronics And Other
NAICS: 51 – Information
APT41
Associated Indicators: