A catphishing campaign has targeted members of the Israeli Defense Forces using Android malware called "ViperRAT." Early suspicions of responsibility were directed toward Hamas, the Palestinian Sunni group that's the de facto ruler of the Gaza Strip. Lookout Security, however, believes such attribution may have been hasty, and that, far from initial characterizations of ViperRAT as relatively primitive, the malware is in fact more sophisticated attack code with two variants: an initial profiling tool installed by social engineering, and a second-stage surveillance tool that collects contact information, geolocation data, images, and other files. Lookout thinks the malware is beyond any mobile-device attack capabilities displayed by Hamas. But, as always, treat attribution with caution, and exercise care with Android devices: there's no particular reason for ViperRAT to confine itself to IDF targets.
Upset (along with most of the rest of the world) by North Korean missile tests, China imposes an embargo on DPRK coal, long a staple of the North Korean economy. Observers think sanctions will prompt an increase in North Korean cyber crime as that country's government seeks to plug the economic hole.
Cisco is tracking "Magic Hound," a RAT-centric campaign targeting Saudi businesses. The attackers gain their entrée by phishing.
IBM's X-Force has continued its investigation of Shamoon, the destructive campaign against Saudi Aramco and other Gulf targets that reappeared in November 2016 and January 2017. Researchers believe the initial infection was through malicious macros in a compromised document.
Verizon will buy Yahoo!'s core assets, but at a discount.