Researchers at ThreatFabric are tracking what they've named "MysteryBot," multifunctional Android malware under criminal development that combines a keylogger with a banking Trojan and mobile ransomware. MysteryBot seems capable of targeting both Android 7 and 8 devices, and it abuses Usage Access permissions. ThreatFabric assesses the new malware as derived from LokiBot, whose source code has leaked. MysteryBot's ransomware module seems defective, but ThreatFabric thinks the developers are working on a tool that will fetch a good price on the black market.
The authors of "Satan" ransomware have rebranded and upgraded their product. MalwareHunter says the criminals behind the code are now calling it "DBGer," and have incorporated Mimikatz to facilitate lateral movement within targeted networks.
Apple may have closed off an access point police had used to get into suspects' iOS devices, but forensic experts think Grayshift may have found a way around the new USB Restricted Mode. In other intercept news, Elcomsoft says it's upgraded its Phonebreaker tool to decrypt iMessages in iCloud.
Kaspersky will suspend cooperation with Europol. The Russian cybersecurity firm has long partnered with European police in the investigation of cybercrime, but now that the European Parliament has called for a ban on its products (as security risks), Kaspersky has said goodbye to all that.
The US Justice Department's Inspector General released the report on the FBI's investigations of "Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election." Its 586 pages find more impropriety and insubordination than political bias.