BlackBerry Cylance has published an overview of recent activity by OceanLotus (also known as APT32 or CobaltKitty). They're particularly interested in Ratsnif, a set of remote access tools Vietnam's cyberoperators have used since 2016. Ratsnif (which offers packet sniffing, gateway and device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing) had gone undetected for some time, probably because of its selective employment. It's not up to CobaltKitty's usual high standards of coding, and indeed BlackBerry Cylance finds it "sloppy." But then you only have to be good enough to attain your objectives, and achieve them Ratsnif generally did.
Google has removed more than a hundred apps from the Play Store after Trend Micro found 182 camera and game apps infested with adware. 111 of them were in Google Play, the rest in various third-party stores, CyberScoop reports.
Extortionists claiming to have installed a Trojan via EternalBlue-infected adult sites are lying. It's a pure scam, BleepingComputer says: delete the emails.
The Washington Post surveyed experts and found that most thought the US cyberattack against Iranian targets was the right call: it was nonlethal, properly discriminating in that it hit clearly military targets, and sensibly proportionate as a response to Iranian attacks on shipping and a US surveillance drone. Reservations the experts voiced involved concerns about escalation, the semi-public way the attack was avowed, the immature state of international laws of cyber conflict, and the possibility of attack tools escaping into the wild. An Iranian response can be expected, CipherBrief notes.