
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day
Mar 27, 2025
Discover innovative methods for classifying malware using machine learning and entropy-driven feature selection. Learn about dangerous NPM packages that masquerade as legitimate software but introduce reverse shells. Additionally, uncover a recently patched vulnerability in Google Chrome that was exploited against media and educational groups in Russia. Delve into the world of cybersecurity and the latest emerging threats in the digital landscape.
04:50
Podcast summary created with Snipd AI
Quick takeaways
- A machine learning model utilizing CNNs has been developed to effectively classify various types of malware, achieving about 90% detection accuracy.
- Recent findings on malicious npm packages demonstrate evolving cyber attack tactics targeting developers by enabling unauthorized code execution through legitimate libraries.
Deep dives
Machine Learning for Malware Classification
A novel approach to classifying malware with machine learning has been developed, showing its potential for cybersecurity applications. The model categorizes different types of malware, including droppers, ransomware, and trojans, with a detection accuracy of around 90%. The project involved analyzing honeypot data with undergraduate interns, who applied classroom knowledge to real-world challenges. Such advances help identify malware types and also address the overwhelming volume of data typically encountered in cybersecurity.