Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape————————————————————————————————————————————-Malware Newsletter[The Resurgence of IoT Malware: Inside the Mirai-Based ‘Gayfemboy’ Botnet Campaign](https://www.fortinet.com/blog/threat-research/iot-malware-gayfemboy-mirai-based-botnet-campaign)[Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth](https://unit42.paloaltonetworks.com/attackers-sell-your-bandwidth-using-sdks/)[The Silent, Fileless Threat of VShell](https://www.trellix.com/blogs/research/the-silent-fileless-threat-of-vshell/)[Android backdoor spies on employees of Russian business](https://news.drweb.ru/show/?i=15047&lng=ru)[Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram](https://socket.dev/blog/malicious-go-module-disguised-as-ssh-brute-forcer-exfiltrates-credentials)[Android Document Readers and Deception: Tracking the Latest Updates to Anatsa](https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa)[DragonForce](https://any.run/malware-trends/dragonforce/)[Hook Version 3: The Banking Trojan with The Most Advanced Capabilities](https://zimperium.com/blog/hook-version-3-the-banking-trojan-with-the-most-advanced-capabilities)[SpyNote Malware Part 2](https://dti.domaintools.com/spynote-malware-part-2/)[Tamperedchef — The Bad PDF Editor](https://www.truesec.com/hub/blog/tamperedchef-the-bad-pdf-editor)[AppSuite PDF Editor Backdoor: A Detailed Technical Analysis](https://www.gdatasoftware.com/blog/2025/08/38257-appsuite-pdf-editor-backdoor-analysis)[Malware devs abuse Anthropic’s Claude AI to build ransomware](https://www.bleepingcomputer.com/news/security/malware-devs-abuse-anthropics-claude-ai-to-build-ransomware/)[APT36: Targets Indian BOSS Linux Systems with Weaponized AutoStart Files](https://www.cyfirma.com/research/apt36-targets-indian-boss-linux-systems-with-weaponized-autostart-files/)[Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats](https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats/)[Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime](https://www.securityweek.com/infostealers-the-silent-smash-and-grab-driving-modern-cybercrime/)[Ransomware 3.0: Self-Composing and LLM-Orchestrated](https://arxiv.org/abs/2508.20444)[DRMD: Deep Reinforcement Learning for Malware Detection under Concept Drift](https://arxiv.org/abs/2508.18839)[Real-Time Detection and Recovery Method Against Ransomware Based on Simple Format Analysis](https://www.mdpi.com/2078-2489/16/9/739)[Automated Malware Source Code Generation via Uncensored LLMs and Adversarial Evasion of Censored Model](https://www.mdpi.com/2076-3417/15/17/9252)Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, [NEWSLETTER](https://securityaffairs.com/180151/breaking-news/security-affairs-malware-newsletter-round-54.html))
Related Tags:
NAICS: 334 – Computer And Electronic Product Manufacturing
NAICS: 517 – Telecommunications
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 33 – Manufacturing – Metal
Electronics And Other
NAICS: 51 – Information
Mythic Leopard
Transparent Tribe
APT36
Associated Indicators: