SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

The Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.
Malware Newsletter
JDownloader site hacked to replace installers with Python RAT malware
New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps
Threat Actor Mr_Rot13 Actively Exploits CVE-2026-41940 for Backdoor Deployment
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack
This is what some of the world’s largest banks of malware look like stacked as hard drives
Popular node-ipc npm Package Infected with Credential Stealer
FamousSparrow APT Targets Azerbaijani Oil and Gas Industry
FrostyNeighbor: Fresh mischief and digital shenanigans
Gamaredon’s infection chain: Spoofed emails, GammaDrop and GammaLoad
What BO Team is hiding: the ZeronetKit backdoor from the inside and connections to Head Mare
TeamPCP’s Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages
Kazuar: Anatomy of a nation-state botnet
Critical FunnelKit vulnerability threatens 40,000+ WooCommerce checkouts
Memory Forensics Techniques for Automated Detection and Analysis of Go Malware
Diagnosing and Mitigating Domain Shift in Permission-Based Android Malware Detection
Evolving IoT Botnet Threats and Practical Honeypot Observation: A Summary Review and Experimental Study
Systematic Evaluation of Machine Learning and Deep Learning Models for IoT Malware Detection Across Ransomware, Rootkit, Spyware, Trojan, Botnet, Worm, Virus, and Keylogger
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)

