SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

The Security Affairs Malware newsletter is a collection of the best articles and research on malware in the international landscape.

BlackSuit Ransomware

Dissecting the Cicada      

Year-Long Campaign of Malicious npm Packages Targeting Roblox Users  

Rocinante: The trojan horse that wanted to fly   

Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion     

FBI: Play ransomware gang has attacked 300 orgs since 2022  

New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition  

RAMBO: Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM

Going beyond API Calls in Dynamic Malware Analysis: A Novel Dataset  

Unveiling a Target and Multi-Stage Malware Attack  

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant  

BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar  

Chinese APT Abuses VSCode to Target Government in Asia

Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401

Pierluigi Paganini
