SECURITY Affairs’ Malware Newsletter Round 84, dated 15 February 2026, presents a curated collection of malware-focused articles and research from across the international landscape. The roundup highlights several notable campaigns and developments, including Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT, and a breakdown of ZeroDayRAT, a new spyware targeting Android and iOS.
It also covers Old-School IRC and the newly discovered SSHStalker Linux botnet, alongside analysis of a defence evasion capability embedded in the Reynolds ransomware payload. Additional items include AgreeToSteal, described as the first malicious Outlook add-in leading to 4,000 stolen credentials, and LummaStealer getting a second life alongside CastleLoader.
The newsletter notes BADIIS insights into a global SEO poisoning campaign and introduces a new threat actor, UAT-9921, leveraging the VoidLink framework in campaigns. It also mentions a fake recruiter campaign targeting crypto developers and a selection of technical papers and studies on malware detection and AI-assisted security research.