More evidence is out on North Korea's designs on cryptocurrency. Recorded Future has a report on the Lazarus Group's concerted spearphishing campaign against South Korean cryptocurrency exchanges and their users. South Korea is an attractive target for obvious political and linguistic reasons. It's also attractive because it has a large number of active cryptocurrency early adopters. In addition to theft, the campaign prospected South Korean students interested in international affairs.
There are interesting connections between this campaign and earlier ones linked to the Lazarus Group. The malware payload shared code with Destover, a strain used to hit Sony Pictures in 2014 and early WannaCry victims last year.
Despite falling Bitcoin prices, ordinary criminals are still attracted to it and other alternative currencies. Coinhive is the tool most favored by cryptojackers.
Bogus patch sites promising to fix Spectre and Meltdown are up in the wild. They target German users by spoofing the Federal Office for Information Security (BSI). Instead of patches, Malwarebytes reports, the sites serve up malware loaded in a zip file.
Kaspersky Lab warns of a new and unusually capable strain of Android spyware, "Skygofree." Among its features are location-based audio recording, interception of WhatsApp messages through the Android Accessibility Service, the ability to connect victim devices to attacker-controlled Wi-Fi, recording of Skype calls, and a keylogger. Kaspersky thinks Skygofree is the work of Italian lawful intercept shop Negg International.
Yesterday's cloture means Section 702 surveillance reauthorization is expected to advance to a vote in the US Senate this week.