# Security Affairs Malware Newsletter Round 38

In this issue of the Security Affairs Malware newsletter, we round up the most recent and notable malware-related news and research from around the world. Our team has curated a selection of articles and papers on malware threats to keep you informed about the evolving landscape.

## Decrypting Encrypted Files with Akira Ransomware (Linux/ESXi Variant 2024)

Akira is an established ransomware operation, and its Linux build is used against VMware ESXi hosts, where a single compromised hypervisor can take down every virtual machine it runs. This write-up covers the 2024 Linux/ESXi variant from the defender's side: rather than paying, the author recovered files by brute-forcing the variant's encryption keys, a search that was only practical by spreading the work across multiple GPUs. The takeaway for incident responders is that a ransomware family's key derivation is worth analysing before concluding that encrypted data is lost.

## Jaguar Land Rover Breached by HELLCAT Ransomware Group

The automobile manufacturer Jaguar Land Rover has been claimed as a victim by the HELLCAT ransomware group. The intrusion followed the group's now-familiar playbook: rather than exploiting a vulnerability, HELLCAT uses credentials harvested by infostealer malware from employee machines to log in to internal systems such as ticketing and development platforms, then exfiltrates data from there. It is a reminder that stale infostealer logs remain a live initial-access risk long after the original infection.

## ClearFake’s New Variant: Increased Web3 Exploitation for Malware Delivery

ClearFake, the fake browser-update framework injected into compromised websites, has a new variant that leans more heavily on Web3 infrastructure: the loader stages are stored in and retrieved from blockchain smart contracts (the technique known as EtherHiding), which makes the payload delivery chain hard to take down with conventional domain or hosting takedowns. The campaign pairs this with fake verification pages that coax victims into running commands themselves, so user awareness and command-line telemetry matter as much as web filtering here.

## Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices

HUMAN's Satori Threat Intelligence and Research team has published details of its disruption of BADBOX 2.0, a botnet built on backdoored low-cost Android-based consumer devices such as off-brand TV boxes and tablets. The compromised devices are monetised through several fraud schemes at once, including advertising fraud and residential-proxy services, rather than through extortion of the device owners, who are usually unaware that their hardware is being rented out.

## StilachiRAT Analysis: From System Reconnaissance to Cryptocurrency Theft

Microsoft has published an analysis of StilachiRAT, a remote access trojan whose capabilities run from system reconnaissance and credential theft to targeting cryptocurrency wallet browser extensions. The report documents its persistence and evasion behaviour, which is the kind of detail defenders need to write detections and assess the scope of an infection.

## IAS Threat Lab Uncovers Extensive Fraud Scheme Leveraging Fake Android Apps

The IAS Threat Lab has uncovered an extensive ad-fraud scheme run through fake Android apps that posed as legitimate utilities and games. Once installed, the apps served ads out of view of the user and hid their presence on the device, generating fraudulent impressions at scale. The findings underline that app-store listings alone are not a reliable trust signal and that device telemetry should be monitored for apps that hide their icons or run in the background.

## UAC-0200: Espionage Against the Defense-Industrial Complex Using DarkCrystal RAT (CERT-UA#14045)

UAC-0200 is the identifier CERT-UA uses for a threat actor conducting espionage against Ukraine's defense-industrial complex; CERT-UA#14045 is the advisory number. The actor's malware of choice in this campaign is DarkCrystal RAT (DCRat), a commodity remote access trojan, delivered through lure messages that lead recipients to open malicious archives and run the payload.

## Technical Advisory: Mass Exploitation of CVE-2024-4577

CVE-2024-4577 is an argument-injection vulnerability in PHP when it runs in CGI mode on Windows. The Windows "Best-Fit" character mapping converts certain characters, notably the soft hyphen (0xAD), into an ordinary hyphen before they reach php-cgi, so an attacker can smuggle command-line options such as -d through the query string and reach remote code execution. The advisory reports mass exploitation attempts against exposed PHP-CGI deployments. The fix has been available since June 2024 (PHP 8.3.8, 8.2.20 and 8.1.29); anyone still running PHP in CGI mode on Windows should patch immediately or move off the CGI handler.
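As an added illustration, not taken from the advisory, the following Python snippet shows one way to hunt for CVE-2024-4577 exploitation attempts in web-server access logs. It applies the CGI rule that a query string without an unencoded "=" is passed to php-cgi as command-line arguments, then flags any argument that begins with a percent-encoded soft hyphen (%AD) followed by an option letter, which is what the Best-Fit mapping turns into "-d", "-s" and so on. The log lines, IP addresses and paths are constructed for the example.

```python
import re
from urllib.parse import unquote_to_bytes, urlsplit

# Constructed sample access-log lines (Apache combined format). The IPs are
# from documentation ranges and the requests are synthetic, not captured traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:08:12:01 +0000] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:08:12:03 +0000] "GET /index.php?page=about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2025:08:12:07 +0000] "POST /index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADs HTTP/1.1" 500 0 "-" "curl/8.4"
198.51.100.8 - - [10/Mar/2025:08:12:09 +0000] "GET /search.php?q=soft%ADhyphen HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Split one combined-format line into its fields (None if it does not parse)."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def argv_tokens(query: str) -> list[bytes]:
    """Tokens a CGI gateway would hand to php-cgi as command-line arguments.

    Per the CGI specification a query string only becomes argv when it contains
    no unencoded '='; an ordinary form query therefore yields no tokens.
    """
    if not query or "=" in query:
        return []
    return [unquote_to_bytes(tok) for tok in query.split("+")]


def is_soft_hyphen_option(tok: bytes) -> bool:
    """True if the token is byte 0xAD (soft hyphen) followed by an ASCII letter.

    On affected Windows code pages the Best-Fit mapping turns 0xAD into '-',
    so b'\\xadd' reaches php-cgi as the '-d' option.
    """
    return len(tok) >= 2 and tok[0] == 0xAD and tok[1:2].isalpha()


def find_cve_2024_4577_attempts(log_text: str) -> list[dict]:
    """Return one record per request that carries a soft-hyphen option injection."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        query = urlsplit(rec["target"]).query
        opts = [t for t in argv_tokens(query) if is_soft_hyphen_option(t)]
        if opts:
            hits.append({
                "ip": rec["ip"],
                "target": rec["target"],
                # Render the option as php-cgi would see it after Best-Fit mapping.
                "options": ["-" + o[1:].decode("ascii", "replace") for o in opts],
            })
    return hits


if __name__ == "__main__":
    for hit in find_cve_2024_4577_attempts(SAMPLE_LOG):
        print(hit["ip"], hit["options"], hit["target"])
```

The fourth sample line shows why the "=" check matters: a soft hyphen inside a normal form parameter is never passed as an argument, so it is not flagged. The check is deliberately narrow to the injection primitive rather than to specific payload strings such as auto_prepend_file, because the option letter is what the vulnerability requires while the php.ini directives that follow it vary between exploits.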

## Arcane Stealer: We Want All Your Data

Arcane is a newly identified information stealer that collects a wide range of data from infected Windows machines, including credentials and session data from browsers, VPN and gaming clients, and messaging applications. It has been distributed through YouTube videos advertising game cheats and cracked software, so the usual advice applies: treat such downloads as hostile, and rotate any credentials stored on a machine that ran one.

## Shedding Light on ABYSSWORKER Driver Ransomware

ABYSSWORKER is not ransomware itself but a malicious Windows kernel driver deployed alongside a ransomware operation to blind and disable EDR products before encryption begins. The driver is signed with a revoked certificate and, once loaded, strips protections and terminates security processes, an "EDR killer" in the style of bring-your-own-vulnerable-driver attacks. Monitoring for unexpected driver loads and for drivers signed with revoked or unusual certificates is the practical defensive response.

## RansomHub: Attackers Leverage New Custom Backdoor

Affiliates of the RansomHub ransomware operation have been observed deploying a new custom multi-function backdoor in their intrusions. Consolidating capabilities such as screenshot capture, credential theft and privilege escalation into one tool reduces the number of separate utilities the attackers must bring to a victim network, which in turn reduces the opportunities for detection. Defenders should expect the pre-encryption tooling of ransomware groups to keep changing and reassess detections accordingly.

## Head Mare and Twelve Join Forces to Target Russian Entities

Researchers report that Head Mare and Twelve, two hacktivist groups that attack Russian entities, now appear to be working together, with overlapping tools, infrastructure and techniques observed across their intrusions. The collaboration between groups that were previously tracked separately complicates attribution and shows how quickly capabilities spread once they are shared.

## Steam Pulls Game Demo Infecting Windows with Info-Stealing Malware

Steam has removed a game demo from its platform after it was found to be distributing information-stealing malware to Windows users; this follows a similar incident earlier in the year. Because Steam installs run with the user's full privileges, a malicious demo is an effective delivery channel, and it is worth reminding users that a storefront listing is not a guarantee of safety.

## Trust Under Siege: Label Spoofing Attacks Against Machine Learning for Android

This paper examines label spoofing attacks against machine-learning-based Android malware detectors. Such detectors are trained on ground-truth labels that are themselves derived from automated sources, and an attacker who can influence those labels can cause malicious apps to be learned as benign (or vice versa) without touching the model directly. The work raises questions about the integrity of the labelling pipeline and calls for countermeasures that validate labels before they are trusted for training.

## Enhancing Malware Fingerprinting Through Analysis of Evasive Techniques

This research improves malware fingerprinting by analysing the evasive techniques samples use against analysis environments. Since evasion behaviour is itself characteristic of a family or toolkit, modelling it adds a signal that conventional static features miss, which could improve the accuracy of classification and detection tools.

## A Wide and Weighted Deep Ensemble Model for Behavioral Drifting Ransomware Attacks

This study proposes a wide and weighted deep ensemble model (WWDSEM) for detecting ransomware whose behaviour drifts over time. Concept drift is a practical problem for behavioural detectors, which degrade as families change their actions; the ensemble approach aims to keep detection accuracy stable as the observed behaviour evolves.

## Trandroid: An Android Mobile Threat Detection System Using Transformer Neural Networks

Trandroid is a proposed Android threat detection system built on transformer neural networks. The authors apply the attention-based architecture to app features and report that it identifies mobile threats effectively, offering an alternative to the convolutional and recurrent models commonly used in this space.

Follow me on Twitter: @securityaffairs