# Security Affairs Malware Newsletter Round 39

The latest newsletter from Security Affairs has been released, bringing you the most recent updates on malware-related news and research. In this round, we'll dive into some of the most interesting stories and discoveries.

## Microsoft Trusted Signing Service Abused to Code-Sign Malware

Attackers have been abusing the Microsoft Trusted Signing service to code-sign malicious software. A valid signature lets the malware pass checks that treat signed code as trustworthy, making it easier to distribute. The incident highlights the importance of regularly updating software and ensuring that trusted services are not turned against their users.

## VSCode Marketplace Removes Two Extensions

The Visual Studio Code (VSCode) Marketplace has removed two extensions due to reports of suspicious activity. The extensions, which were designed to enhance code editing capabilities, were found to contain malware that could compromise user security. This incident serves as a reminder to always verify the authenticity of software extensions before installing them.

## Deploying Early-Stage Ransomware

Researchers have discovered a new technique used by attackers to deploy early-stage ransomware. By exploiting vulnerabilities in popular applications, hackers can gain access to systems and lay the groundwork for more sophisticated attacks. This highlights the importance of keeping software up-to-date and vigilantly monitoring system activity.

## New Android Malware Campaigns Evading Detection

A recent analysis has revealed that a new wave of Android malware campaigns is using advanced evasion techniques to avoid detection by security software. The campaigns, which are linked to known threat actors, employ sophisticated methods to bypass traditional security measures. This underscores the need for ongoing security updates and vigilance in monitoring system activity.

## .NET MAUI Raspberry Robin: Copy Shop USB Worm Evolves

The .NET MAUI Raspberry Robin (DNETRASPB) is a fast-spreading USB worm that has evolved to infect systems more easily. This malware, which targets Windows systems, uses social engineering tactics to trick users into running it. The worm's ability to spread rapidly highlights the importance of user awareness and robust security measures.

## ReaderUpdate Reforged | Melting Pot of macOS Malware

The latest iteration of ReaderUpdate, a malware family targeting macOS systems, has been discovered to contain variants in Go, Crystal, and Rust programming languages. This development underscores the growing sophistication of macOS malware and the need for continued vigilance in monitoring system activity.

## Grandoreiro Trojan Distributed via Contabo-Hosted Servers

A recent phishing campaign has been distributing the Grandoreiro Trojan, a widely spread malware family that targets Windows systems. The malware is served from compromised servers hosted by Contabo, highlighting the importance of keeping software and services up to date.

## Malware found on npm infecting local package with reverse shell

Security researchers have discovered malware embedded within a popular JavaScript library on npm (Node Package Manager) that compromises user security by opening a reverse shell on infected systems. This incident serves as a reminder to always verify the authenticity of software packages before installation.

## Shifting the sands of RansomHub’s EDRKillShifter

Researchers have found evidence that the notorious EDRKillShifter malware, used for evading Endpoint Detection and Response (EDR) solutions, has evolved to target multiple crypto packages. This development highlights the ongoing cat-and-mouse game between threat actors and security professionals.

## CoffeeLoader: A Brew of Stealthy Techniques

CoffeeLoader is a new malware family that uses advanced stealth techniques to evade detection by security software. By employing sophisticated methods, such as code obfuscation and anti-analysis techniques, this malware can remain undetected for extended periods. This underscores the need for ongoing security updates and vigilance in monitoring system activity.

## PJobRAT makes a comeback, takes another crack at chat apps

PJobRAT, a notorious malware family targeting chat applications, has made a comeback. Its return highlights the ongoing threat of sophisticated malware and the importance of continued security awareness and vigilance.

## Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices

Researchers have exposed a new malware family, dubbed Crocodilus, designed to compromise Android devices by exploiting vulnerabilities in popular applications. This development underscores the ongoing threat of device takeover malware and the need for continued security awareness and vigilance.

## FamousSparrow RedCurl’s Ransomware Debut: A Technical Deep Dive

In this technical deep dive, we'll explore the recent debut of RedCurl ransomware by FamousSparrow, a notorious threat actor. This analysis will provide insights into the malware's tactics, techniques, and procedures (TTPs) as well as its implications for system security.

## Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor’s Infrastructure

Blacklock ransomware has been discovered to have breached the infrastructure of a prominent threat actor. This incident highlights the importance of maintaining robust security measures and the ongoing cat-and-mouse game between threat actors and security professionals.

## Leveraging VAE-Derived Latent Spaces for Enhanced Malware Detection with Machine Learning Classifiers

Researchers have explored the use of Variational Autoencoders (VAEs) to enhance malware detection using machine learning classifiers. By leveraging VAE-derived latent spaces, this approach can improve the accuracy of malware detection systems.

## Trandroid: An Android Mobile Threat Detection System Using Transformer Neural Networks

Trandroid is a new Android mobile threat detection system that employs transformer neural networks to detect and analyze threats. This development highlights the growing importance of AI-powered security solutions in the fight against mobile malware.

## A Wide and Weighted Deep Ensemble Model for Behavioral Drifting Ransomware Attacks

Researchers have proposed a novel approach to detecting behavioral drifting ransomware attacks using a wide and weighted deep ensemble model. By analyzing system behavior, this approach can improve the accuracy of malware detection systems.

Stay informed about the latest security threats by following me on Twitter: @securityaffairs