Security Affairs Malware Newsletter Round 43

The latest issue of the Security Affairs Malware newsletter is out, featuring a collection of the most important articles and research on malware in the global landscape. In this roundup, we'll dive into some of the most fascinating topics that caught our attention.

Inside Gamaredon's PteroLNK: Dead Drop Resolvers and Evasive Infrastructure

Gamaredon, a notorious group known for its involvement in various malicious activities, has recently been linked to a complex network of dead drop resolvers and evasive infrastructure. These tools allow the group to evade detection and maintain control over their malware operations.

Our article delves into the details of Gamaredon's PteroLNK, including its dead drop resolvers and evasive infrastructure. We explore how these tools work and what they reveal about the group's tactics and techniques.

RXP Supply Chain Attack: Official NPM Package Infected with Crypto-Stealing Backdoor

A recent supply chain attack has infected an official npm package, allowing hackers to steal cryptocurrency from unsuspecting users. The attack was carried out by exploiting a vulnerability in the package's dependencies.

Our article examines the details of this attack and how it highlights the risks associated with relying on third-party software. We also provide guidance on how developers can protect themselves against such attacks.

SuperCard X: Exposing a Chinese-Speaker MaaS for NFC Relay Fraud Operation

A new malware-as-a-service (MaaS) offering has emerged that supports NFC relay fraud operations. The SuperCard X MaaS is believed to be operated by a group based in China.

Our article exposes the details of this MaaS and the tactics behind its NFC relay fraud operations. We also examine the implications of this threat for the broader cybersecurity community.

New Rust Botnet “RustoBot” is Routed via Routers

Obfuscation Overdrive: Next-Gen Cryptojacking with Layers

A new botnet, dubbed RustoBot, has emerged using a novel approach to evade detection. The botnet uses obfuscated code and layering techniques to mask its activities.

Our article delves into the details of this router-borne botnet and the layered obfuscation techniques behind next-gen cryptojacking. We explore what this means for cybersecurity professionals and how they can detect and mitigate such attacks.

Android Spyware Trojan Targets Russian Military Personnel Who Use Alpine Quest Mapping Software

A new Android spyware Trojan has been discovered, targeting Russian military personnel who use the Alpine Quest mapping software.

Our article examines the details of this attack and how it highlights the risks associated with using unsecured or vulnerable software. We also provide guidance on how users can protect themselves against such attacks.

Operation SyncHole: Lazarus APT Goes Back to the Well

The Lazarus APT group has been linked to a new operation, known as SyncHole. This operation appears to be a repeat of previous attacks, targeting organizations in various countries.

Our article examines the details of this operation and its implications for the broader cybersecurity community. We also explore what lessons can be learned from this attack.

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

North Korean hackers have been linked to a new campaign, spreading malware via fake crypto firms and job interview lures. This highlights the ongoing threat posed by North Korean actors in the cyber domain.

Our article delves into the details of this campaign and its tactics for targeting unsuspecting users. We also examine the implications of this attack for the broader cybersecurity community.

DslogdRAT Malware Installed in Ivanti Connect Secure

A new strain of malware, DslogdRAT, has been discovered embedded within the Ivanti Connect Secure software. This highlights the ongoing threat posed by software-based attacks.

Our article examines the details of this attack and how it highlights the risks associated with using unsecured or vulnerable software. We also provide guidance on how users can protect themselves against such attacks.

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign

Hackers linked to Iran have been tied to a new campaign targeting Israeli organizations with MURKYTOUR malware via fake job lures. This highlights the ongoing threat posed by state-sponsored actors in the cyber domain.

Our article delves into the details of this campaign and its tactics for targeting unsuspecting users. We also examine the implications of this attack for the broader cybersecurity community.

MAL-XSEL: Enhancing Industrial Web Malware Detection with an Explainable Stacking Ensemble Model

A new approach to industrial web malware detection has been developed, using an explainable stacking ensemble model. This highlights the ongoing challenge posed by evolving malware threats in the industrial sector.

Our article examines the details of this approach and its potential for improving malware detection in industrial environments.

Zero Day Malware Detection with Alpha: Fast DBI with Transformer Models for Real-World Application

A new approach to zero-day malware detection has been developed, using fast DBI (Deep Binary Instruction) techniques combined with transformer models. This highlights the ongoing challenge posed by zero-day attacks and the need for innovative solutions.

Our article examines the details of this approach and its potential for improving malware detection in real-world scenarios.

Automatically Generating Rules of Malicious Software Packages via Large Language Model

A new study has demonstrated the use of large language models to automatically generate rules for malicious software packages. This highlights the ongoing challenge posed by evolving malware threats and the need for innovative solutions.

Our article delves into the details of this approach and its potential implications for cybersecurity professionals.

Stay up-to-date with the latest security news and research by following us on Twitter (@securityaffairs), Facebook, and Mastodon.