The CyberWire Daily Podcast 5.23.23
Ep 1829 | 5.23.23

BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.

Show Notes

AhRat exfiltrates files and records audio on Android devices. The BlackCat ransomware group uses a signed kernel driver to evade detection. GUI-Vil in the cloud. Unwitting money mules. Ben Yelin unpacks the Supreme Court’s Section 230 rulings. Our guest is Mike DeNapoli from Cymulate with insights on cybersecurity effectiveness. And a trio of commercial spyware cases.

Selected reading.

Android app breaking bad: From legitimate screen recording to file exfiltration within a year (ESET)

Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials (ESET)

BlackCat Ransomware Deploys New Signed Kernel Driver (Trend Micro)

Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor (Permiso)

Uncle Sam strangles criminals' cashflow by reining in money mules (The Register)

German prosecutors charge four over violating trade act to sell spyware to Turkey (Washington Post)

Israel Torpedoed Morocco Spyware Deal - and NSO Competitor QuaDream Shut Down (Haaretz)

He Was Investigating Mexico’s Military. Then the Spying Began. (New York Times)