Security Affairs Malware Newsletter Round 45: Critical Updates on Global Cyber Threats
TL;DR
The Security Affairs Malware Newsletter Round 45 highlights significant malware incidents and research, including the iClicker hack targeting students, new stealthy Linux backdoors, and emerging malware families like TerraStealerV2. The newsletter also covers supply chain compromises, crypto theft networks, and ransomware attacks, providing a comprehensive overview of the current cyber threat landscape.
Introduction
The Security Affairs Malware Newsletter Round 45 presents a curated selection of the most impactful articles and research on malware from around the world. This edition covers various critical topics, from educational institution hacks to sophisticated malware families and supply chain compromises.
Key Highlights
Educational Institutions Under Attack
- iClicker Hack: Students were targeted with malware through a fake CAPTCHA on the iClicker site, highlighting the vulnerabilities in educational tools [1].
Emerging Malware Threats
- Noodlophile Stealer: This new malware is distributed via fake AI video generation platforms, showcasing the evolving tactics of cybercriminals [2].
- TerraStealerV2 and TerraLogger: Golden Chickens’ new malware families have been discovered, indicating a rise in sophisticated threat actors [3].
E-commerce and Supply Chain Vulnerabilities
- Backdoor in E-commerce Components: A critical backdoor was found in popular e-commerce components, posing a significant risk to online retailers [4].
- RATatouille Supply Chain Compromise: A malicious recipe hidden in rand-user-agent compromised the supply chain, affecting numerous systems [5].
Advanced Persistent Threats
- Stealthy Linux Backdoor: This backdoor leverages residential proxies and NHAS reverse SSH, demonstrating the advanced capabilities of modern malware [6].
- FreeDrain Crypto Theft Network: An industrial-scale crypto theft network was unmasked, revealing the extensive reach of cybercriminal operations [7].
Ransomware and Data Breaches
- LockBit Ransomware Gang: The LockBit ransomware gang was hacked, exposing victim negotiations and shedding light on their operations [8].
- Privilege Escalation Zero-Day: Ransomware attackers leveraged a privilege escalation zero-day vulnerability, underscoring the importance of prompt patch management [9].
Global Cyber Espionage
- COLDRIVER Malware: COLDRIVER is using new malware to steal documents from Western targets and NGOs, highlighting the ongoing cyber espionage campaigns [10].
- MirrorFace Malware: MirrorFace targets Japan and Taiwan with ROAMINGMOUSE and upgraded ANEL malware, indicating a focused regional threat [11].
Research and Innovations
- Dynamic Graph-based Fingerprinting: A new study explores dynamic graph-based fingerprinting of in-browser cryptomining, offering insights into detection methods [12].
- MAL-XSEL Detection Model: The MAL-XSEL model enhances industrial web malware detection with an explainable stacking ensemble model, advancing cybersecurity defenses [13].
Conclusion
The Security Affairs Malware Newsletter Round 45 provides a comprehensive overview of the current cyber threat landscape, highlighting the need for vigilant cybersecurity measures. As malware continues to evolve, staying informed about the latest threats and research is crucial for protecting against sophisticated cyber attacks.
Additional Resources
For further insights, check:
References
1. Bleeping Computer (2025). “iClicker site hack targeted students with malware via fake CAPTCHA”. Retrieved 2025-05-11.
2. Morphisec (2025). “New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms”. Retrieved 2025-05-11.
3. Recorded Future (2025). “TerraStealerV2 and TerraLogger: Golden Chickens’ New Malware Families Discovered”. Retrieved 2025-05-11.
4. Sansec (2025). “Backdoor found in popular ecommerce components”. Retrieved 2025-05-11.
5. Aikido (2025). “RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)”. Retrieved 2025-05-11.
6. Secure Bulletin (2025). “Stealthy Linux backdoor leveraging residential proxies and NHAS reverse SSH”. Retrieved 2025-05-11.
7. SentinelOne (2025). “FreeDrain Unmasked: Uncovering an Industrial-Scale Crypto Theft Network”. https://www.sentinelone.com/labs/freedrain-unmasked-uncovering-an-industrial-scale-crypto-theft-network/ Retrieved 2025-05-11.
8. Bleeping Computer (2025). “LockBit ransomware gang hacked, victim negotiations exposed”. Retrieved 2025-05-11.
9. Security.com (2025). “Ransomware Attackers Leveraged Privilege Escalation Zero-day”. Retrieved 2025-05-11.
10. Google Cloud (2025). “COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs”. Retrieved 2025-05-11.
11. The Hacker News (2025). “MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware”. Retrieved 2025-05-11.
12. arXiv (2025). “Dynamic Graph-based Fingerprinting of In-browser Cryptomining”. Retrieved 2025-05-11.
13. MDPI (2025). “MAL-XSEL: Enhancing Industrial Web Malware Detection with an Explainable Stacking Ensemble Model”. Retrieved 2025-05-11.