ACCORDING to SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47, Pierluigi Paganini presents a curated collection of malware research and analysis published around 1 June 2025. The roundup highlights a range of recent findings, from 60 malicious npm packages leaking network and host data in an active malware campaign to a study of a VenomRAT malware campaign and a scammy fake Google Meet page that tricks users into running PowerShell malware.
It also features reports on Dero miner activity targeting Docker APIs, the PyBitmessage backdoor installed with CoinMiner, and a new botnet named PumaBot aimed at IoT surveillance devices. Additional items include GreyNoise’s discovery of a stealthy backdoor campaign affecting ASUS routers, analyses of North Korea-linked actors abusing VS Code auto-run to spread StoatWaffle, and several write-ups on supply-chain and phishing campaigns.
The newsletter closes with a breadth of related threat intelligence pieces, including deep-dives into AI tool installers, ransomware campaigns, and notable data-breach and security updates.