# Security Affairs Malware Newsletter Round 42
The latest edition of the Security Affairs Malware newsletter brings together a collection of the most insightful articles and research on malware in the international landscape. In this round, we delve into the world of cyber threats, exploring new variants, attack chains, and misuse of technologies.
## Malicious NPM Packages Targeting PayPal Users
A recent discovery revealed malicious NPM packages targeting PayPal users. These packages, seemingly innocuous at first glance, were found to be injecting malware into users' accounts, compromising their sensitive information. This highlights the importance of regular software updates and security audits to prevent such incidents.
## New Malware Variant Identified: ResolverRAT
Researchers have identified a new malware variant known as ResolverRAT. This malware is designed to operate in stealth mode, making it challenging for detection tools to identify. ResolverRAT's capabilities include keylogging, data exfiltration, and network scanning, posing significant risks to users.
## Nice chatting with you: What Connects Cheap Android Smartphones, WhatsApp, and Cryptocurrency Theft?
A fascinating investigation revealed a surprising connection between cheap Android smartphones, WhatsApp, and cryptocurrency theft. It appears that certain devices can be used to mine cryptocurrencies, while WhatsApp's end-to-end encryption can be exploited to transfer sensitive information.
## BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
Researchers have uncovered a hidden controller for the BPFDoor malware, targeting users in Asia and the Middle East. This discovery sheds light on the ongoing cat-and-mouse game between security researchers and threat actors.
## Gorilla, a Newly Discovered Android Malware
Gorilla is a newly discovered Android malware that has been found to have a unique set of capabilities. This malware can create multiple instances of itself, making it challenging to detect and remove. Gorilla also includes a 'hidden' feature that allows it to remain dormant until activated.
## Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
This article discusses the concept of attack chains in malware, which involve a series of coordinated attacks designed to evade detection and analysis. The use of such attack chains can make it difficult for security researchers to identify and understand the overall threat landscape.
## IronHusky Updates the Forgotten MysterySnail RAT to Target Russia and Mongolia
IronHusky has updated the forgotten MysterySnail RAT, targeting users in Russia and Mongolia. This update highlights the ongoing evolution of malware and the need for regular security updates and patches.
## Unmasking the New XorDDoS Controller and Infrastructure
Researchers have uncovered a new XorDDoS controller and infrastructure, which appears to be part of a larger attack chain. The discovery sheds light on the tactics used by threat actors to execute DDoS attacks.
## Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
Fake PDF converters are being used as a vehicle for malicious activity, stealing sensitive information and compromising users' devices. This article highlights the importance of using legitimate software and avoiding suspicious downloads.
## Renewed APT29 Phishing Campaign Against European Diplomats
APT29 has launched a renewed phishing campaign against European diplomats. The campaign is a reminder of the ongoing threat landscape, in which sophisticated actors pursue high-value targets to compromise sensitive information.
## Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT Driven by Multi-Platform Attacks
The article discusses the evolution of tactics, techniques, and procedures (TTPs) used by Advanced Persistent Threats (APTs). The focus is on a new cluster of APT-driven attacks that leverage multi-platform capabilities.
## Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
Slow Pisces has been identified as a new malware targeting developers with coding challenges. This malware uses customized Python code to achieve its goals, making it challenging for security researchers to detect and analyze.
## Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
The latest update from the Mustang Panda arsenal includes ToneShell and StarProxy. These tools are designed to provide threat actors with a range of capabilities, including network scanning and data exfiltration.
## Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
This article discusses the new additions to the Mustang Panda arsenal, including PAKLOG, CorKLOG, and SplatCloak. These tools are designed to provide threat actors with enhanced capabilities for data exfiltration and network manipulation.
## Around the World in 90 Days: State-Sponsored Actors Try ClickFix Large Language Model (LLM) for Software Security
This entry covers the use of large language models (LLMs) for software security alongside the state-sponsored actors behind ClickFix campaigns. Both threads illustrate the ongoing cat-and-mouse game between threat actors and security researchers.
## A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques
Researchers have developed a machine learning-based method to detect ransomware. The approach uses AI-powered algorithms to identify patterns in ransomware attacks, offering a new detection tool aimed at the neutralization techniques attackers use to defeat such defenses.
## AOAFS: A Malware Detection System Using an Improved Arithmetic Optimization Algorithm
The article describes AOAFS, a malware detection system built on an improved arithmetic optimization algorithm. The focus is on improving the efficiency and effectiveness of such systems in detecting malware.
Stay up-to-date with the latest news from the world of cybersecurity by following me on Twitter: @securityaffairs, Facebook, and Mastodon.