SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 42
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42
April 20, 2025 
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape
Malicious NPM Packages Targeting PayPal Users
New Malware Variant Identified: ResolverRAT Enters the Maze
Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?
BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
Gorilla, a newly discovered Android malware
Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
Unmasking the new XorDDoS controller and infrastructure
Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
Renewed APT29 Phishing Campaign Against European Diplomats
Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
Threat actors misuse Node.js to deliver malware and other malicious payloads
Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
Around the World in 90 Days: State-Sponsored Actors Try ClickFix
Large Language Model (LLM) for Software Security: Code Analysis, Malware Analysis, Reverse Engineering
Malware analysis assisted by AI with R2AI
A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques Using Format-Preserving Encryption
AOAFS: A Malware Detection System Using an Improved Arithmetic Optimization Algorithm
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
