AhRat exfiltrates files and records audio on Android devices. The BlackCat ransomware group uses a signed kernel driver to evade detection. GUI-Vil in the cloud. Unwitting money mules. Ben Yelin unpacks the Supreme Court’s section 230 rulings. Our guest is Mike DeNapoli from Cymulate with insights on cybersecurity effectiveness. And a trio of commercial spyware cases.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/99
Android app breaking bad: From legitimate screen recording to file exfiltration within a year (ESET)
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials (ESET)
BlackCat Ransomware Deploys New Signed Kernel Driver (Trend Micro)
Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor (Permiso)
Uncle Sam strangles criminals' cashflow by reining in money mules (The Register)
German prosecutors charge four over violating trade act to sell spyware to Turkey (Washington Post)
Israel Torpedoed Morocco Spyware Deal - and NSO Competitor QuaDream Shut Down (Haaretz)
He Was Investigating Mexico’s Military. Then the Spying Began. (New York Times)
Learn more about your ad choices. Visit megaphone.fm/adchoices