

Ethical Hacking News

The Alarming State of Malware: A Round-Up of the Latest Security Threats



A round-up of the latest malware threats covered by Security Affairs, including trojanized JDownloader installers, a TrickMo variant targeting banking apps, and a self-spreading npm worm described as a new variant of Shai-Hulud.

  • Installers for the JDownloader download manager have been replaced with Python-based RAT malware.
  • A new variant of the TrickMo Android banking malware targets banking, fintech, wallet, and authentication apps.
  • A threat actor tracked as Mr_Rot13 is actively exploiting CVE-2026-41940 to deploy backdoors on compromised systems.
  • Operation HumanitarianBait uses fake aid documents to deploy Python spyware on unsuspecting targets.
  • A self-spreading npm worm has infected over 160 packages, including popular ones from Mistral and TanStack.
  • The node-ipc npm package has been compromised with malicious code designed to steal sensitive information from users.
  • FamousSparrow APT group is targeting the Azerbaijani oil and gas industry in a multi-wave espionage campaign.
  • The FrostyNeighbor campaign relies on spoofed emails.
  • Gamaredon has carried out attacks using spoofed emails to deliver its GammaDrop and GammaLoad tools.
  • A critical vulnerability in FunnelBuilder has been exploited to inject e-skimmers into e-stores.
  • Researchers have uncovered two new Windows zero-days, known as YellowKey and GreenPlasma.



    The latest Security Affairs newsletter, "Security Affairs Malware Newsletter Round 97", collects the most recent malware reporting in one place. The items below are summarized from it, with the defensive point each one raises.

    According to the newsletter, installers for JDownloader, a widely used download manager, were replaced with a Python-based Remote Access Trojan (RAT). A trojanized installer is dangerous precisely because the user intends to run it: the payload executes with the user's privileges on first launch and hands the attacker remote control of the machine. Before running any downloaded installer, verify it against the hash or code signature the vendor publishes through a separate channel; a file that is unsigned, carries an unexpected signer, or does not match the published hash should not be executed.

    A new variant of TrickMo, an Android banking trojan, targets banking, fintech, wallet, and authentication apps. Malware in this family harvests credentials and one-time codes from the targeted apps, which lets its operators take over accounts and move funds. Because authenticator apps are now on the target list, a compromised phone can also undermine the second factor that protects the victim's other accounts.

    A threat actor tracked as Mr_Rot13 is actively exploiting CVE-2026-41940 to deploy backdoors on compromised systems. Active exploitation changes a CVE's priority: it should be patched, or mitigated where a patch cannot yet be applied, ahead of higher-scored but unexploited flaws, and systems that were exposed before the fix should be checked for the backdoor rather than assumed clean.

    Operation HumanitarianBait uses fake aid documents as lures to deploy Python spyware. The lure trades on the trust that humanitarian paperwork carries with its intended recipients; once opened, the spyware collects information from the victim's device. Organizations involved in aid work should handle unsolicited documents of this kind with the same caution as any other attachment.

    The newsletter also reports on a recent npm worm that has infected over 160 packages, including popular ones from Mistral and TanStack. Self-propagating registry worms abuse the trust built into package installation: a compromised package's install-time script runs on the developer's or build machine, steals the publishing tokens it finds there, and uses them to push infected versions of that maintainer's own packages, so every infection widens the blast radius. The defensive lesson is not to update blindly but to pin dependencies with a lockfile, disable install-time lifecycle scripts where the build does not need them, rotate publishing tokens that may have been exposed, and review what a new version actually changed before adopting it.

    The newsletter also covers a compromise of the node-ipc npm package, to which malicious code designed to steal sensitive information from users was added. Widely depended-upon packages are attractive targets because a single malicious release reaches every downstream project that installs it; vetting third-party packages and pinning the versions you have reviewed are the practical countermeasures.

    The FamousSparrow APT group has been identified as targeting the Azerbaijani oil and gas industry in a multi-wave espionage campaign. Multi-wave campaigns against a single sector are typical of state-aligned espionage: each wave refines the lures and tooling based on what worked before, so defenders in the sector should expect repeat attempts rather than a one-off intrusion.

    The newsletter also reports on the FrostyNeighbor campaign, which relies on spoofed emails, and on a series of Gamaredon attacks that used spoofed emails to deliver the group's GammaDrop and GammaLoad tools. Spoofed email is the entry point in both cases, which makes sender authentication (SPF, DKIM and an enforcing DMARC policy) and strict attachment handling the controls that matter most against these operations.

    The newsletter also points to an analysis of the ZeronetKit backdoor's internals and its connections to the Head Mare group. Reports of this kind matter to defenders because the behaviours and indicators they document can be turned directly into detection content.

    TeamPCP has been identified as the actor behind a self-spreading supply chain attack that compromised TanStack npm packages. A compromise of a widely used front-end library is inherited by every application that builds against it, which is why build pipelines should install from a reviewed lockfile and treat any unexpected new version as untrusted until it has been checked.

    The newsletter also reports on Kazuar, a backdoor long linked to the Turla group, described here as a nation-state botnet used in attacks on a range of targets. Tooling of this class is built for long-term covert access, so detection depends on monitoring for persistence and command-and-control behaviour rather than on signatures alone.

    The newsletter also highlights a critical vulnerability in FunnelBuilder that has been exploited to inject e-skimmers into online stores. Patching the vulnerable component is the first step, but store operators should also confirm that the skimmer is actually gone: injected scripts can persist in page templates or the database after the flaw itself is fixed, and the card data they capture goes to the attacker on every checkout until they are removed.

    Researchers have also uncovered two new Windows zero-days, known as YellowKey and GreenPlasma. Until fixes are available, the practical response is to reduce exposure of the affected components and to watch for the post-exploitation activity an attacker would carry out after using such a flaw.

    The newsletter also covers Pwn2Own Berlin 2026, where DEVCORE was crowned Master of Pwn, taking home a total of $1.298 million. Competitions like this surface working exploits against current software under coordinated disclosure, giving vendors a chance to fix the flaws before they are used in the wild.

    In addition to these items, the newsletter reports on a number of other threats and vulnerabilities:

  • Fragnesia, a Linux kernel bug that allows local root access.
  • Broadcom's VMware Fusion security update for a root-access bug.
  • NGINX Rift, an 18-year-old flaw in the world's most deployed web server that has just come to light.
  • FamousSparrow's multi-wave espionage campaign against the Azerbaijani energy sector.
  • Nitrogen ransomware's claim of a massive data theft from Foxconn.
  • Microsoft's Patch Tuesday for May 2026, which fixes 138 bugs, some of which are alarming.
  • OpenLoop Health's confirmation of a January 2026 data breach affecting 716,000 people.
  • Quest KACE SMA flaw CVE-2025-32975, where one unpatched tool opened the door to 60 organizations.

    Taken together, the items in this round of the Security Affairs newsletter span trojanized installers, mobile banking malware, actively exploited CVEs, self-spreading package-registry worms, state-aligned espionage and Windows zero-days. The common thread for defenders is to patch what is being exploited first, to treat software supply chains (installers and package registries alike) as attack surface, and to verify rather than assume that a compromise has been cleaned up.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Alarming-State-of-Malware-A-Round-Up-of-the-Latest-Security-Threats-ehn.shtml

  • https://securityaffairs.com/192278/security/security-affairs-malware-newsletter-round-97.html


  • Published: Sun May 17 10:58:09 2026 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.
