# Security Affairs Malware Newsletter Round 36

The latest issue of the Security Affairs Malware newsletter collects the most recent reports on malware threats from around the world. This edition covers a Cellebrite zero-day exploit chain used to unlock an activist's phone, infostealers traced to one in four incidents, and new developments in ransomware, botnets and malware classification research.

## Cellebrite Zero-Day Exploit Used to Target Phone of Serbian Student Activist

Amnesty International's Security Lab reported that the Android phone of a Serbian student activist was unlocked with a Cellebrite zero-day exploit chain. Cellebrite sells forensic extraction tools to law enforcement; they require physical possession of the handset and, in this case, exploited the device's USB stack to bypass the lock screen and extract its contents. The practical caveat for anyone at risk of device seizure is that a screen lock alone is not a security boundary against a well-resourced forensic vendor: keep the OS patched, and treat a device that has been out of your hands as compromised.

## One in Four Cyberattacks Traced to Infostealers

According to Huntress, roughly one in four incidents it investigated traced back to an infostealer. Infostealers are malware, not a group: they harvest saved browser credentials, session cookies, cryptocurrency wallets and similar data from an infected machine and ship it to the operator, who sells or reuses it for initial access. Because a stolen session cookie bypasses MFA, responders should revoke sessions and rotate credentials for every account seen on an infected host, not just reimage the machine.

## Uncovering .NET Malware Obfuscated by Encryption and Virtualization

Researchers analysed .NET malware that hides its payload behind two layers: the embedded payload is encrypted, and the code that decrypts it is itself run through a virtualization-based obfuscator, which replaces ordinary .NET instructions with a custom bytecode interpreted by a virtual machine embedded in the assembly. Standard decompilers then show only the interpreter, so analysis means either reversing the VM's instruction set or letting the sample run and dumping the decrypted stage from memory.

## Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

The Black Basta and Cactus ransomware groups have been observed using a BackConnect module, a remote-access component previously associated with QakBot, in their intrusions. BackConnect does not spread on its own; it gives the operator persistent remote control of a compromised host, from which the usual hands-on lateral movement and ransomware deployment follow. The shared tooling is a further link between the two groups' operations.

## Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes

HUMAN Security's Satori threat intelligence team disrupted BADBOX 2.0, a botnet of Android-based consumer devices (off-brand TV boxes, tablets and similar hardware) that ship with, or are later infected by, a backdoor giving the operators control of the device. The infected devices are used for several fraud schemes at once, including ad fraud, click fraud and residential proxy services that route other criminals' traffic through victims' home connections. Most affected devices are low-cost, uncertified Android hardware, so the practical advice is to avoid devices without Play Protect certification and to watch for unexplained outbound traffic from any such device on the network.

## Fingerprint Heists: How Your Browser Fingerprint Can Be Stolen and Used by Fraudsters

Researchers described a fraud scheme in which browser fingerprints are harvested from victims and replayed by fraudsters. A fingerprint is the set of device and browser attributes (user agent, screen size, installed fonts, canvas and WebGL output, time zone) that anti-fraud systems use to recognise a returning device; it does not record browsing history. A stolen fingerprint, combined with stolen credentials or session cookies, lets an attacker appear to be logging in from the victim's known device, defeating risk checks that would otherwise flag an unfamiliar machine. Device-fingerprint trust should therefore be treated as a weak signal, not as a second factor.

## Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

Medusa, a ransomware-as-a-service operation active since 2021, has claimed more than 40 victims in the first months of 2025, with ransom demands ranging from $100,000 to $15 million. The group runs a double-extortion model, stealing data before encryption and threatening to publish it, and its affiliates have been reported using bring-your-own-vulnerable-driver techniques to disable endpoint protection before deploying the ransomware.

## Thousands of Websites Hit by Four Backdoors in 3rd Party JavaScript Attack

Researchers found thousands of websites loading a malicious third-party JavaScript file tied to the installation of four separate backdoors on the affected sites, so that removing one still leaves the attackers access. The lesson goes beyond patching: any script loaded from a domain the site does not control runs with the full trust of the page, so third-party scripts should be inventoried, pinned with Subresource Integrity where their content is static, and restricted with a Content Security Policy.
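The inventory step can be automated. The following is an added example, not code from the newsletter or from the researchers' report: it parses an HTML document with the standard library and flags every `<script src>` served from another origin that lacks an `integrity` attribute (or has one without the `crossorigin` attribute the browser needs to verify it). The sample page and its hostnames are constructed placeholders.

```python
"""Audit an HTML document for third-party scripts that are not pinned with SRI.

Added example; the page content and hostnames below are constructed, not taken
from the reported incident.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect every external <script src> with its integrity/crossorigin attrs."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        attrs = dict(attrs)  # html.parser lower-cases attribute names
        src = attrs.get("src")
        if src:
            self.scripts.append({
                "src": src,
                "integrity": attrs.get("integrity"),
                "crossorigin": attrs.get("crossorigin"),
            })


def audit_third_party_scripts(html: str, site_host: str) -> list[dict]:
    """Return off-origin scripts the browser would accept without verifying.

    A script served from another origin is under that origin's control: if its
    host is compromised, the page executes whatever is served. An integrity hash
    pins the exact bytes the browser will run; SRI on a cross-origin script also
    needs crossorigin so the response is not opaque, otherwise the check fails
    and the script is silently blocked.
    """
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for s in parser.scripts:
        host = urlparse(s["src"]).netloc.lower()  # handles https:// and // forms
        if not host or host == site_host.lower():
            continue  # same-origin: not the concern here
        if not s["integrity"]:
            findings.append({"src": s["src"], "reason": "third-party script without integrity"})
        elif s["crossorigin"] is None:
            findings.append({"src": s["src"], "reason": "integrity set but crossorigin missing"})
    return findings


# Constructed sample page (all hostnames are placeholders under the reserved .test TLD).
SAMPLE_HTML = """
<html><head>
<script src="/assets/app.js"></script>
<script src="https://cdn.vendor.test/lib.min.js"
        integrity="sha384-CONSTRUCTED_PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//cdn.third-party.test/loader.js"></script>
<script src="https://www.example.test/js/analytics.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for f in audit_third_party_scripts(SAMPLE_HTML, "www.example.test"):
        print(f"{f['reason']}: {f['src']}")
```

SRI only helps for scripts whose bytes are stable; a third-party loader that fetches further code at runtime defeats it, which is why the audit should be paired with a Content Security Policy that limits which origins may serve scripts at all.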

## Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware

Proofpoint described a threat actor delivering a multistage infection chain to a small number of targets using polyglot files: single files that are valid in two formats at once, so a mail gateway or analyst that parses the file as one type (say, a PDF) never sees the payload it carries as the other (say, a ZIP or HTA). Each stage is small and specific to the target, which limits exposure of the final payload. Detection should not stop at the first format signature; scanning for trailing structures and parsing the file as every format it could plausibly be is the check that catches this.
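To make the polyglot mechanism concrete, here is an added example (not code from the newsletter or from Proofpoint's report). It constructs a benign PDF/ZIP polyglot in memory, which works because PDF readers look for a header near the start while ZIP parsers locate the archive from the end-of-central-directory record at the tail, and then runs a multi-signature check that looks at both ends of the file and confirms the ZIP claim by actually parsing it. The file contents and member name are constructed placeholders.

```python
"""Build a constructed PDF/ZIP polyglot and detect files valid as more than one format.

Added example; the sample file is constructed and carries no payload.
"""
import io
import zipfile


def build_pdf_zip_polyglot() -> bytes:
    """Constructed sample: a PDF-looking prefix followed by a real ZIP archive."""
    pdf_prefix = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Placeholder member standing in for a second stage; contains no code.
        zf.writestr("stage2.hta", "<!-- constructed placeholder, no payload -->")
    return pdf_prefix + buf.getvalue()


# Signatures anchored at offset 0 (header-driven formats).
HEAD_MAGICS = {
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
    "png": b"\x89PNG\r\n\x1a\n",
    "pe": b"MZ",
    "jpeg": b"\xff\xd8\xff",
}
# Structures parsers search for from the tail (trailer-driven formats).
TAIL_MARKERS = {
    "zip": b"PK\x05\x06",  # end-of-central-directory record
    "pdf": b"%%EOF",
}


def identify_formats(data: bytes) -> set[str]:
    """Return every format the bytes could be parsed as, checking both ends."""
    found = set()
    for name, magic in HEAD_MAGICS.items():
        if data.startswith(magic):
            found.add(name)
    # The EOCD record may be followed by up to 65535 bytes of archive comment.
    tail = data[-70000:]
    for name, marker in TAIL_MARKERS.items():
        if marker in tail:
            found.add(name)
    # Confirm a ZIP claim by parsing; zipfile tolerates leading non-ZIP data.
    if "zip" in found:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                zf.namelist()
        except zipfile.BadZipFile:
            found.discard("zip")
    return found


def is_polyglot(data: bytes) -> bool:
    """True when the bytes satisfy more than one format's structure."""
    return len(identify_formats(data)) > 1


def zip_members(data: bytes) -> list[str]:
    """List archive members hidden behind whatever the file's header claims."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


if __name__ == "__main__":
    sample = build_pdf_zip_polyglot()
    print("formats:", sorted(identify_formats(sample)))   # ['pdf', 'zip']
    print("polyglot:", is_polyglot(sample))                # True
    print("hidden members:", zip_members(sample))          # ['stage2.hta']
```

The key design point is that a magic-number check at offset 0 alone would call this file a PDF and stop; the tail scan plus a real parse is what exposes the embedded archive.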

## New DDoS Botnet Discovered: Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran

A new DDoS botnet of more than 30,000 compromised devices, largely IoT hardware such as security cameras and network video recorders, has been discovered. The majority of observed attack activity was traced to IP addresses in Iran, which describes where the compromised devices and traffic sit rather than a confirmed attribution of the operators. Its observed use is distributed denial-of-service attacks.

## The Evolution of Dark Caracal Tools: Analysis of a Campaign Featuring Poco RAT

Security researchers analysed a campaign attributed to Dark Caracal that deploys Poco RAT, a remote access trojan. Poco RAT gives the operator remote control of the infected host: it collects system information, runs commands and stages further payloads. The campaign's tooling shows a line of evolution from the group's earlier Bandook-based toolkit.

## Lotus Blossom Espionage Group Targets Multiple Industries with Different Versions of Sagerunex and Hacking Tools

Cisco Talos reported a campaign by the Lotus Blossom espionage group targeting government, manufacturing, telecommunications and media organisations with several variants of its Sagerunex backdoor alongside supporting tools for credential theft, proxying and archiving. The newer Sagerunex variants use legitimate cloud services (including Dropbox, Twitter and Zimbra) for command and control, which blends into normal traffic; detection should focus on which processes talk to those services rather than on the destinations alone.

## Malware Detection at the Edge with Lightweight LLMs: A Performance Evaluation

A study evaluated lightweight large language models (LLMs) for malware detection on edge devices and found they can be effective there, with the usual trade-off between model size, inference cost and detection accuracy. Further work is needed before the approach is efficient enough for routine deployment on constrained hardware.

## Malware Classification from Memory Dumps Using Machine Learning, Transformers, and Large Language Models

Researchers classified malware from memory dumps using classical machine learning, transformer models and large language models, comparing the approaches on the same data. Working from memory rather than from files on disk sidesteps packing and encryption, since the unpacked code and data are present at runtime, which is why the approach has potential to improve the accuracy of classification.

## Self-MCKD: Enhancing the Effectiveness and Efficiency of Knowledge Transfer in Malware Classification

A new technique called Self-MCKD has been proposed to make knowledge transfer in malware classification both more effective and more efficient, allowing a smaller or faster classifier to benefit from what a larger model has learned.

## Is Malware Detection Needed for Android TV?

A research paper asks whether Android TV devices, which run the same app platform as phones but are rarely covered by mobile security products, need dedicated malware detection, and what such detection would have to look like on that hardware.

Stay up-to-date with the latest security news by following me on Twitter: @securityaffairs