Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Malware Newsletter

- [Operation HanKook Phantom: North Korean APT37 targeting South Korea](https://www.seqrite.com/blog/operation-hankook-phantom-north-korean-apt37-targeting-south-korea/)
- [Three Lazarus RATs coming for your cheese](https://blog.fox-it.com/2025/09/01/three-lazarus-rats-coming-for-your-cheese/)
- [Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide](https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide)
- [Android Droppers: The Silent Gatekeepers of Malware](https://www.threatfabric.com/blogs/android-droppers-the-silent-gatekeepers-of-malware)
- [MystRodX: The Covert Dual-Mode Backdoor Threat](https://blog.xlab.qianxin.com/mystrodx_covert_dual-mode_backdoor_en/)
- [Ethereum smart contracts used to push malicious code on npm](https://www.reversinglabs.com/blog/ethereum-contracts-malicious-code)
- [Analyzing NotDoor: Inside APT28’s Expanding Arsenal](https://lab52.io/blog/analyzing-notdoor-inside-apt28s-expanding-arsenal/)
- [RapperBot: From Infection to DDoS in a Split Second](https://www.bitsight.com/blog/rapperbot-infection-ddos-split-second)
- [Analysis of APT-C-53 (Gamaredon) attacks against Ukrainian government departments](https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247507351&idx=1&sn=0b8c9e5b3ff9d7b6551b3a69c151f7e0&chksm=f9c1ee9eceb66788c94178eec69e10142c58dc7721874f9e4d3120d7ea952faa230221a6e2cc)
- [Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions](https://thehackernews.com/2025/09/cybercriminals-exploit-xs-grok-ai-to.html)
- [Uncovering a Colombian Malware Campaign with AI Code Analysis](https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html)
- [An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps](https://www.trendmicro.com/en_us/research/25/i/an-mdr-analysis-of-the-amos-stealer-campaign.html)
- [Evaluating Diverse Feature Extraction Techniques of Multifaceted IoT Malware Analysis: A Survey](https://arxiv.org/abs/2509.03442)
- [BIDO: A Unified Approach to Address Obfuscation and Concept Drift Challenges in Image-based Malware Detection](https://arxiv.org/abs/2509.03807)
- [Modeling of Malware Propagation in Wireless Mobile Networks with Hotspots Considering the Movement of Mobile Clients Based on Cosine Similarity](https://www.mdpi.com/2079-9292/14/17/3528)
- [Real-Time Detection and Recovery Method Against Ransomware Based on Simple Format Analysis](https://www.mdpi.com/2078-2489/16/9/739)
- [s1ngularity’s Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack](https://www.wiz.io/blog/s1ngularitys-aftermath)
- [Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials](https://socket.dev/blog/malicious-npm-packages-impersonate-flashbots-sdks-targeting-ethereum-wallet-credentials)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)


