Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

[DragonForce Ransomware Group is Targeting Saudi Arabia](https://www.resecurity.com/blog/article/dragonforce-ransomware-group-is-targeting-saudi-arabia)

[Massive Botnet Targets M365 with Stealthy Password Spraying Attacks](https://securityscorecard.com/research/massive-botnet-targets-m365-with-stealthy-password-spraying-attacks/)

[Notorious Malware, Spam Host ‘Prospero’ Moves to Kaspersky Lab](https://krebsonsecurity.com/2025/02/notorious-malware-spam-host-prospero-moves-to-kaspersky-lab/)

[ACRStealer Infostealer Exploiting Google Docs as C2](https://asec.ahnlab.com/en/86390/)

[#StopRansomware: Ghost (Cring) Ransomware](https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a)

[The GitVenom campaign: cryptocurrency theft using GitHub](https://securelist.com/gitvenom-campaign/115694/)

[Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign](https://research.checkpoint.com/2025/large-scale-exploitation-of-legacy-driver/)

[Operation SalmonSlalom A new attack targeting industrial organizations in APAC](https://ics-cert.kaspersky.com/publications/reports/2025/02/24/fatalrat-attacks-in-apac-backdoor-delivered-via-an-overly-long-infection-chain-to-chinese-speaking-targets/)

[5 Active Malware Campaigns in Q1 2025](https://thehackernews.com/2025/02/5-active-malware-campaigns-in-q1-2025.html)

[Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition](https://www.sentinelone.com/labs/ghostwriter-new-campaign-targets-ukrainian-government-and-belarusian-opposition/)

[LightSpy Expands Command List to Include Social Media Platforms](https://hunt.io/blog/lightspy-malware-targets-facebook-instagram)

[Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy](https://socket.dev/blog/malicious-pypi-package-exploits-deezer-api-for-coordinated-music-piracy)

[Auto-Color: An Emerging and Evasive Linux Backdoor](https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/)

[Anubis: A New Ransomware Threat](https://www.kelacyber.com/blog/anubis-a-new-ransomware-threat/)

[PolarEdge: Unveiling an uncovered ORB network](https://blog.sekoia.io/polaredge-unveiling-an-uncovered-iot-botnet/)

[Android trojan TgToxic updates its capabilities](https://intel471.com/blog/android-trojan-tgtoxic-updates-its-capabilities)

[Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally](https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/)

[Spyzie stalkerware is spying on thousands of Android and iPhone users](https://techcrunch.com/2025/02/27/spyzie-stalkerware-spying-on-thousands-of-android-and-iphone-users/)

[Erudite Mogwai Uses Custom Stowaway to Stealthily Advance Online](https://rt-solar.ru/solar-4rays/blog/5261/)

[UAC-0173 against the Notary Office of Ukraine (CERT-UA#13738)](https://cert.gov.ua/article/6282536)

[Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations](https://unit42.paloaltonetworks.com/advanced-backdoor-squidoor/)

[Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan](https://www.fortinet.com/blog/threat-research/winos-spreads-via-impersonation-of-official-email-to-target-users-in-taiwan)

[Operation SalmonSlalom](https://ics-cert.kaspersky.com/publications/reports/2025/02/24/fatalrat-attacks-in-apac-backdoor-delivered-via-an-overly-long-infection-chain-to-chinese-speaking-targets/)

[GrassCall malware campaign drains crypto wallets via fake job interviews](https://www.bleepingcomputer.com/news/security/grasscall-malware-campaign-drains-crypto-wallets-via-fake-job-interviews/)

[Benchmarking Android Malware Detection: Rethinking the Role of Traditional and Deep Learning Models](https://arxiv.org/abs/2502.15041)

[MADEA: A Malware Detection Architecture for IoT blending Network Monitoring and Device Attestation](https://arxiv.org/abs/2502.15098)

[Multimodal Deep Learning for Android Malware Classification](https://www.mdpi.com/2504-4990/7/1/23)

[Leveraging Federated Learning for Malware Classification: A Heterogeneous Integration Approach](https://www.mdpi.com/2079-9292/14/5/915)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **– hacking, malware)**
Blog: Security Affairs