Zimperium late yesterday described the activities of a massive Android scam campaign they're calling "GriftHorse." Around ten million devices worldwide have been affected, and losses could amount to hundreds of millions of euros. It's a premium services scam in which the crooks use malicious apps (and not the customary phishing) to enroll users in paid services they don't want.
Facebook has open-sourced its Mariana Trench static analysis tool, used within the company to find security flaws in Java and Android applications. BleepingComputer notes that this is the third security-focused static analysis kit Facebook has released.
TASS has been authorized to disclose a bit more about the treason charges Russian authorities have brought against Group-IB's CEO Ilya Sachkov this week. A source tells the outlet that, "The investigation suspects Sachkov of handing over classified information on cybersecurity to foreign intelligence agencies." Which intelligence service "employed" him isn't being revealed, although TASS observes that there are a number of (unnamed) possibilities.
Bitdefender's latest monthly threat report, released yesterday, notes the resurfacing of REvil, under its familiar name. The report also counts some 250 active ransomware strains, which is a lot, especially given the challenges of survivor bias (duly noted by Bitdefender) and the difficulties of individuating things as slippery as bad actors. Anyway, their name is Legion, and, to draw a conclusion the report doesn't, a look at the countries targeted suggests that half to two-thirds of Legion probably have a letter of marque from 24 Kuznetsky Most (not far from Ulitsa Lubyanka).