The CyberWire is pleased to announce that our new weekly news wrap-up, the Week that Was, is now out and available. View it here, in case you missed yesterday's email. We plan to publish the Week that Was every Sunday evening.
Malware used in December's Ukrenergo attack analyzed. CertLock Trojan blocks security software installation. MacSpy and MacRansom analyzed--malware-as-a-service targeting Macs. Ransomware found in bogus Android King of Glory game. Platinum APT abuses Intel AMT's Serial-over-LAN channel to hide its traffic.
Researchers at Dragos and ESET are today releasing new reports on the malware that hit Ukraine's power grid last December. They're calling the attack code "Crash Override" or "Industroyer," and they compare it to Stuxnet in terms of the severity of its threat to physical systems. Crash Override is modular: its payload components speak the grid-control protocols used in substations (IEC 60870-5-101, IEC 60870-5-104, IEC 61850, and OPC DA) and can be swapped to fit a given target. The Ukrenergo attack now looks like a dry run.
Access Now reports a new form of social media hijacking, "Doubleswitch," which renders its victims effectively unable to regain control of their accounts: the attacker takes over the account, changes its handle, and then registers the victim's original handle to a fresh account the attacker controls, so the account-recovery process no longer points back to the victim. Observed in Venezuela, Doubleswitch has been used against critics of the Chavista regime.
Various researchers are reporting a new Trojan, "CertLock," in the wild. Bundled with a range of unwanted programs, the Trojan makes those programs harder to clean from Windows systems by adding security vendors' code-signing certificates to Windows' Disallowed (untrusted) certificate store, so that signed security-software installers and updaters are refused when the victim tries to run them.
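The check a practitioner would want after reading that item, as an added example that is not part of the CyberWire piece and not code from any of the researchers it cites: enumerate the Disallowed store on a Windows host and flag any entry whose subject names a security vendor. The vendor-name list is an assumption for illustration; extend it to match the products in your own environment.

```powershell
# Added example (not from the CyberWire item): find code-signing certificates that have been
# pushed into Windows' "Disallowed" (untrusted) store, which is how a CertLock-style Trojan
# blocks signed security-software installers. Run from an elevated PowerShell prompt.

# Both the machine-wide and the per-user Disallowed stores are worth checking; a Trojan
# running without admin rights can still poison the CurrentUser store.
$stores = 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'

# Assumed vendor-name fragments for illustration; adjust to the products you actually run.
$vendors = 'Avast', 'AVG', 'Kaspersky', 'ESET', 'Malwarebytes', 'Symantec',
           'Sophos', 'Bitdefender', 'McAfee', 'Trend Micro', 'Emsisoft'

foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store | Where-Object {
        $subject = $_.Subject
        # Flag the entry if any vendor fragment appears in the certificate subject.
        ($vendors | Where-Object { $subject -match [regex]::Escape($_) }).Count -gt 0
    } | Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Subject, Thumbprint, NotBefore, NotAfter
}
```

A hit is not automatically malicious: Microsoft itself ships a small set of revoked or fraudulently issued certificates into the Disallowed store through Windows Update, so confirm that a flagged entry really is a vendor's current signing certificate before removing it with Remove-Item on its Cert: path (for example Cert:\LocalMachine\Disallowed\<thumbprint>). Once the bogus entries are gone, the blocked installer should run again, and the host should be treated as compromised and cleaned of the unwanted programs that brought CertLock along.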
Researchers at AlienVault and Fortinet have obtained and analyzed live samples of MacSpy and MacRansom, two varieties of malware-as-a-service that have been on offer in dark web souks at least since the last weeks of May. As the names suggest, they target Mac systems with, respectively, spyware and ransomware. As Mac market share rises, so does Mac malware's share of the black market.
Sophos reports a ransomware outbreak among Chinese Android users: the malicious code hides in a bogus copy of the King of Glory game. (The ransomware copies WannaCry's user interface, but it's not WannaCry.)
Microsoft finds the Platinum APT using the Serial-over-LAN (SOL) channel of Intel chipsets' Active Management Technology to move files and commands between infected machines. Because SOL traffic is handled by the AMT firmware below the operating system, it bypasses the host's firewall and network monitoring. This is abuse of an AMT feature rather than exploitation of a flaw in it, and it only works on machines where AMT has already been provisioned.
Today's issue includes events affecting Bahrain, Belgium, China, Egypt, France, Germany, Gibraltar, Iran, Democratic People's Republic of Korea, Republic of Korea, Libya, Maldives, NATO/OTAN, Qatar, Russia, Saudi Arabia, Syria, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United States, Venezuela, and Yemen.