# Security Affairs Malware Newsletter Round 47
The latest edition of the Security Affairs Malware newsletter is here, packed with the most recent updates on malware campaigns, trends, and threats from around the world. This round brings together a collection of expert insights, research papers, and real-world examples that will keep you informed about the ever-evolving threat landscape.
## The Rise of Malicious npm Packages
The latest security breach highlights the dangers of using third-party packages in software development. A total of 60 malicious npm packages were leaked, exposing sensitive network data. These packages contained macros that allowed attackers to download and install malware on infected systems.
Read more about the malicious npm packages leak
## Russia-Aligned TAG-110 Targets Tajikistan
A sophisticated malware campaign, tagged as TAG-110, has been identified. This threat actor is believed to be sponsored by Russia and targets Tajikistan with macro-enabled Word documents. The attackers use social engineering tactics to trick users into opening these documents, which in turn install the malware on their systems.
Learn more about the Russia-Aligned TAG-110 campaign
## Fake Google Meet Page Tricks Users
Attackers have created fake Google Meet pages that trick users into running PowerShell malware. The attackers use phishing tactics to gain access to victims' accounts, which they then use to spread further malicious activity.
Discover how the fake Google Meet page tricked users
## Dero Miner Zombies Bite Through Docker APIs
A new threat, known as Dero miner zombies, has emerged. These malware samples have been found to bite through Docker APIs, which allows them to spread rapidly across infected systems.
Read about the Dero miner zombies and their impact on Docker APIs
## PyBitmessage Backdoor Malware Installed with CoinMiner
Researchers have discovered a backdoor malware, known as PyBitmessage, which is installed on infected systems alongside the CoinMiner cryptocurrency mining malware.
Learn more about the PyBitmessage backdoor malware
## PumaBot: Novel Botnet Targeting IoT Surveillance Devices
A new botnet, known as PumaBot, has been identified. This threat actor targets IoT surveillance devices, using them to launch DDoS attacks and spread malware.
Discover the PumaBot botnet and its tactics
## GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers
GreyNoise, a threat intelligence platform, has discovered a stealthy backdoor campaign affecting thousands of ASUS routers. The attackers used zero-day vulnerabilities to gain access to these devices.
Read about the stealthy backdoor campaign on ASUS routers
## APT41 Innovative Tactics
APT41, a known threat actor group, has been spotted using innovative tactics in their malware campaigns. They use advanced techniques to evade detection and spread malware across infected systems.
Learn more about APT41's latest tactics
## ViciousTrap – Infiltrate, Control, Lure
Researchers have discovered a new threat actor group, known as ViciousTrap. This group uses a novel tactic called "infiltration-control-lure" to turn edge devices into honeypots.
Discover the ViciousTrap threat actor group and their tactics
## The Sting of Fake Kling: Facebook Malvertising Lures Victims
Like the fake Google Meet pages described above, this campaign relies on a lure: Facebook malvertisements have led victims to fake AI generation websites.
Read about the fake Kling and its impact on Facebook
## Deep Dive into a Dumped Malware without a PE Header
Researchers have taken a deep dive into a dumped malware sample that lacks a PE header. This allows them to analyze the malware's inner workings and understand how it operates.
Learn more about the malware analysis
## Cybercriminals Camouflaging Threats as AI Tool Installers
Cybercriminals are now camouflaging threats as AI tool installers to trick users into installing malware. This tactic is becoming increasingly common, making it essential for users to be cautious.
Discover the latest threat tactics
## Fake Ledger Apps Being Used by Hackers
Hackers are now using fake Ledger apps to steal seed phrases and hack accounts. Users must be vigilant and keep their devices secure.
Read about the fake Ledger app threats
## Chasing Eddies: New Rust-Based InfoStealer Used in CAPTCHA Campaigns
Researchers have discovered a new info-stealer, built using Rust. This malware is being used in CAPTCHA campaigns to steal sensitive information.
Learn more about the Chasing Eddies info-stealer
## Enhancing JavaScript Malware Detection through Weighted Behavioral DFAs
Researchers have developed a new approach to enhancing JavaScript malware detection using weighted behavioral DFAs. This method improves detection rates and reduces false positives.
Discover the new method for improving JavaScript malware detection
## Aurora: Are Android Malware Classifiers Reliable under Distribution Shift?
Researchers are questioning the reliability of current Android malware classifiers. They have identified distribution shifts in malware samples, which may impact classifier performance.
Read about the challenges facing Android malware classifiers
## A Transductive Zero-Shot Learning Framework for Ransomware Detection Using Malware Knowledge Graphs
Researchers have developed a new framework for ransomware detection using transductive zero-shot learning. This method uses malware knowledge graphs to improve detection accuracy.
Learn more about the ransomware detection framework
## Conclusion
The threat landscape is constantly evolving, with new tactics and techniques emerging daily. Users must stay vigilant to avoid falling prey to these threats.
Stay safe online!