Critical Malware Updates: Security Affairs Newsletter Round 38

TL;DR

The Security Affairs Malware Newsletter Round 38 highlights recent developments in the malware landscape, including new ransomware attacks, data breaches, and advanced malware delivery techniques. Key topics include the Akira ransomware, the HELLCAT ransomware breach of Jaguar Land Rover, and the exploitation of Web3 for malware delivery.

Introduction

The Security Affairs Malware Newsletter Round 38 provides a comprehensive overview of the latest developments in the international malware landscape. This edition covers critical topics such as ransomware attacks, data breaches, and advanced malware delivery techniques. Stay informed about the evolving threats and security measures in the cybersecurity realm.

Decrypting Akira Ransomware Files Using GPUs

A recent article on TinyHack details a method for decrypting files encrypted by the Akira ransomware (Linux/ESXI variant 2024) using GPUs. This approach offers a potential solution for organizations affected by this ransomware strain¹.

Jaguar Land Rover Breached by HELLCAT Ransomware

Jaguar Land Rover recently fell victim to the HELLCAT ransomware group, which utilized its infostealer playbook to breach the company’s systems. Following the initial attack, a second hacker struck, compounding the security challenges faced by the automaker².

ClearFake’s New Variant Targets Web3

The ClearFake malware has seen a new variant that increasingly targets Web3 for malware delivery. This widespread variant poses a significant threat to the growing Web3 ecosystem, as detailed in a report by Sekoia³.

Satori Threat Intelligence Disruption

Human Security reports on the Satori Threat Intelligence Disruption, where BADBOX 2.0 targets consumer devices with multiple fraud schemes. This disruption highlights the ongoing efforts to mitigate cyber threats⁴.

StilachiRAT: From Reconnaissance to Cryptocurrency Theft

Microsoft’s security blog provides an in-depth analysis of StilachiRAT, a malware that progresses from system reconnaissance to cryptocurrency theft. This detailed analysis offers insights into the malware’s operational tactics⁵.

Fake Android Apps Uncovered by IAS Threat Lab

The IAS Threat Lab has uncovered an extensive fraud scheme leveraging fake Android apps. This discovery underscores the importance of vigilance in the mobile app ecosystem⁶.

DarkCrystal RAT Targets Defense-Industrial Complex

UAC-0200 has been identified as conducting espionage against the defense-industrial complex using the DarkCrystal RAT. This targeted attack highlights the need for enhanced security measures in critical industries⁷.

Mass Exploitation of CVE-2024-4577

A technical advisory from Bitdefender warns of the mass exploitation of CVE-2024-4577, emphasizing the urgency for organizations to patch their systems⁸.

Arcane Stealer: A Comprehensive Data Threat

The Arcane stealer malware aims to exfiltrate all data from compromised systems, as detailed in a report by SecureList. This malware poses a significant threat to data security⁹.

Analyzing the ABYSSWORKER Driver

Elastic’s security labs provide an in-depth analysis of the ABYSSWORKER driver, shedding light on its functionalities and potential threats¹⁰.

RansomHub Leverages New Custom Backdoor

Security.com reports on RansomHub’s use of a new custom backdoor, highlighting the evolving tactics of ransomware groups¹¹.

Head Mare and Twelve Collaborate Against Russian Entities

Head Mare and Twelve have joined forces to attack Russian entities, as detailed in a report by SecureList. This collaboration underscores the complex dynamics of cyber warfare¹².

Info-Stealing Malware Found in Steam Game Demo

A game demo on Steam was found to be infected with info-stealing malware, leading to its removal from the platform. This incident highlights the risks associated with downloading game demos¹³.

Label Spoofing Attacks Against Android Malware Detection

A recent study published on arXiv discusses label spoofing attacks against machine learning models used for Android malware detection. This research emphasizes the vulnerabilities in current detection methods¹⁴.

Enhancing Malware Fingerprinting

Another study on arXiv explores the enhancement of malware fingerprinting through the analysis of evasive techniques. This research aims to improve the accuracy of malware detection¹⁵.

Behavioral Drifting Ransomware Attacks

A wide and weighted deep ensemble model has been proposed for detecting behavioral drifting ransomware attacks. This model offers a robust solution for identifying and mitigating such threats¹⁶.

Trandroid: Transformer Neural Networks for Android Threat Detection

The Trandroid system utilizes transformer neural networks for Android mobile threat detection. This innovative approach enhances the capabilities of existing threat detection mechanisms¹⁷.

Conclusion

The Security Affairs Malware Newsletter Round 38 provides a comprehensive overview of the latest developments in the malware landscape. From the decryption of Akira ransomware files to the collaboration between Head Mare and Twelve, this edition highlights the evolving threats and the critical need for robust cybersecurity measures. Stay informed and vigilant to protect against these emerging challenges.

Additional Resources

For further insights, check out the following authoritative sources:

• TinyHack
• InfoStealers
• Sekoia
• Human Security
• Microsoft Security Blog
• Integral Ads
• CERT-UA
• Bitdefender
• SecureList
• Elastic
• Security.com
• Bleeping Computer
• arXiv
• MDPI

References

1. TinyHack. (2025, March 13). “Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs”. TinyHack. Retrieved 2025-03-23. ↩︎

2. InfoStealers. (2025, March). “Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes”. InfoStealers. Retrieved 2025-03-23. ↩︎

3. Sekoia. (2025). “ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery”. Sekoia. Retrieved 2025-03-23. ↩︎

4. Human Security. (2025). “Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes”. Human Security. Retrieved 2025-03-23. ↩︎

5. Microsoft Security Blog. (2025, March 17). “StilachiRAT analysis: From system reconnaissance to cryptocurrency theft”. Microsoft. Retrieved 2025-03-23. ↩︎

6. Integral Ads. (2025). “IAS Threat Lab Uncovers Extensive Fraud Scheme Leveraging Fake Android Apps”. Integral Ads. Retrieved 2025-03-23. ↩︎

7. CERT-UA. (2025). “UAC-0200: Espionage against the defense-industrial complex using DarkCrystal RAT (CERT-UA#14045)”. CERT-UA. Retrieved 2025-03-23. ↩︎

8. Bitdefender. (2025). “Technical Advisory: Mass Exploitation of CVE-2024-4577”. Bitdefender. Retrieved 2025-03-23. ↩︎

9. SecureList. (2025). “Arcane stealer: We want all your data”. SecureList. Retrieved 2025-03-23. ↩︎

10. Elastic. (2025). “Shedding light on the ABYSSWORKER driver”. Elastic. Retrieved 2025-03-23. ↩︎

11. Security.com. (2025). “RansomHub: Attackers Leverage New Custom Backdoor”. Security.com. Retrieved 2025-03-23. ↩︎

12. SecureList. (2025). “Head Mare and Twelve join forces to attack Russian entities”. SecureList. Retrieved 2025-03-23. ↩︎

13. Bleeping Computer. (2025). “Steam pulls game demo infecting Windows with info-stealing malware”. Bleeping Computer. Retrieved 2025-03-23. ↩︎

14. arXiv. (2025, March). “Trust Under Siege: Label Spoofing Attacks against Machine Learning for Android Malware Detection”. arXiv. Retrieved 2025-03-23. ↩︎

15. arXiv. (2025, March). “Enhancing Malware Fingerprinting through Analysis of Evasive Techniques”. arXiv. Retrieved 2025-03-23. ↩︎

16. MDPI. (2025). “A Wide and Weighted Deep Ensemble Model for Behavioral Drifting Ransomware Attacks”. MDPI. Retrieved 2025-03-23. ↩︎

17. MDPI. (2025). “Trandroid: An Android Mobile Threat Detection System Using Transformer Neural Networks”. MDPI. Retrieved 2025-03-23. ↩︎