Latest Malware Threats and Security Insights: Newsletter Roundup

TL;DR

The Security Affairs Malware Newsletter Round 53 highlights significant malware threats and cybersecurity research. Key topics include the Datacarry ransomware, the updated DRAT v2, Batavia spyware targeting Russian organizations, and advanced evasion frameworks like SHELLTER. The newsletter also covers data exfiltration threats, Iranian cyber warfare, and sophisticated APT group attacks.

Introduction

The Security Affairs Malware Newsletter Round 53 provides a comprehensive overview of the latest malware threats and cybersecurity research. This edition covers a range of topics, from new ransomware variants to advanced spyware and evasion frameworks. Stay informed about the evolving threat landscape with our curated list of articles and research reports.

Datacarry Ransomware Analysis

The Datacarry ransomware has emerged as a significant threat, targeting various industries with its encryption capabilities. For a detailed analysis, refer to the [CCITIC Report on Datacarry Ransomware]1.

Updated DRAT v2 in TAG-140’s Arsenal

The DRAT v2 malware has been updated and is now part of TAG-140’s arsenal. This new variant includes enhanced features for data exfiltration and persistence. Learn more about DRAT v2 in the [Recorded Future research report]2.

Batavia Spyware Targets Russian Organizations

Batavia spyware has been identified as a tool used to steal data from Russian organizations. This sophisticated malware employs advanced techniques to evade detection. Read more about Batavia spyware in the [SecureList analysis]3.

SHELLTER: A Commercial Evasion Framework

SHELLTER is a commercial evasion framework that has been abused in the wild. This framework allows attackers to bypass security measures and execute malicious payloads. For more details, check out the [Elastic Security Labs report]4.

Open Source Malware Index Q2 2025

The Open Source Malware Index for Q2 2025 highlights data exfiltration as a leading threat. This report provides insights into the latest malware trends and their impact on cybersecurity. Explore the [Sonatype blog]5 for a comprehensive overview.

Iranian Cyber Warfare: Pay2Key.I2P Ransomware

The Iranian group Pay2Key.I2P has ramped up ransomware attacks against Israel and the US, offering incentives for affiliates. The group employs sophisticated tactics to maximize the impact of its campaigns. Read more in the [Morphisec whitepaper]6.

DoNot APT Group Targets Southern European Government Entities

The DoNot APT group has launched sophisticated attacks on Southern European government entities. These attacks demonstrate the group’s advanced capabilities and persistent threat. Learn more about these attacks in the [Trellix blog]7.

Elaborate Social Media Scam Drains Crypto Wallets

Crypto wallets continue to be targeted in an elaborate social media scam. This scam employs social engineering techniques to trick users into revealing their credentials. For more information, visit the [Darktrace blog]8.

CoinMiner Attacks Exploit GeoServer Vulnerability

CoinMiner attacks have been exploiting a GeoServer vulnerability to mine cryptocurrency. This exploit highlights the importance of patching and securing vulnerable systems. Read more about these attacks in the [AhnLab ASEC analysis]9.

Supply Chain Breach in GravityForms Plugin

A supply chain breach has been discovered in the official GravityForms plugin, indicative of a broader security issue. This breach underscores the need for vigilant supply chain security. Learn more in the [PatchStack article]10.

Malware Propagation Dynamics through Scientific Machine Learning

Understanding malware propagation dynamics is crucial for effective defense strategies. Scientific machine learning provides insights into how malware spreads and evolves. Read the [arXiv paper]11 for a detailed analysis.

Advanced Malware Detection with PotentRegion4MalDetect

PotentRegion4MalDetect is an advanced malware detection method that leverages features from potential malicious regions. This method enhances the accuracy of malware detection and classification. Explore the [arXiv paper]12 for more information.

Systematic Review of Malware Detection and Classification

A systematic review of malware detection and classification techniques provides valuable insights for cybersecurity professionals. This review highlights the latest advancements and best practices in malware analysis. Read the [MDPI journal article]13 for a comprehensive overview.

Efficient Malware Detection Using Hybrid ResNet-Transformer Network

An efficient malware detection method using a hybrid ResNet-Transformer network and IGOA-based wrapper feature selection has been developed. This method improves the accuracy and speed of malware detection. Learn more in the [MDPI journal article]14.

Follow Security Affairs

Stay connected with Security Affairs for the latest updates on cybersecurity and malware threats. Follow us on [Twitter]15, [Facebook]16, and [Mastodon]17. For more insights, visit [Security Affairs]18 and connect with [Pierluigi Paganini]19 on LinkedIn.

Conclusion

The Security Affairs Malware Newsletter Round 53 provides a comprehensive overview of the latest malware threats and cybersecurity research. Stay informed about the evolving threat landscape with our curated list of articles and research reports.

Additional Resources

For further insights, check:

  • [CCITIC Report on Datacarry Ransomware]1
  • [Recorded Future research report on DRAT v2]2
  • [SecureList analysis of Batavia spyware]3
  • [Elastic Security Labs report on SHELLTER]4
  • [Sonatype blog on Open Source Malware Index Q2 2025]5
  • [Morphisec whitepaper on Pay2Key.I2P ransomware]6
  • [Trellix blog on DoNot APT group attacks]7
  • [Darktrace blog on crypto wallet scams]8
  • [AhnLab ASEC analysis of CoinMiner attacks]9
  • [PatchStack article on GravityForms plugin breach]10
  • [arXiv paper on malware propagation dynamics]11
  • [arXiv paper on PotentRegion4MalDetect]12
  • [MDPI journal article on malware detection and classification]13
  • [MDPI journal article on hybrid ResNet-Transformer network]14

This post is licensed under CC BY 4.0 by the author.