Ransomware payloads inside a VM. US sanctions WeChat and TikTok. Notes on APT41. Google vs. stalkerware, misrepresentation.


Sophos describes how Maze operators have begun distributing their ransomware payload inside a virtual machine, which renders it more difficult to detect. The Ragnar Locker gang began using the tactic earlier this year, and Maze is willing to learn from its criminal competition.

The US Department of Commerce this morning announced that most transactions with WeChat and TikTok will be banned, effective Sunday. Commerce explained the decision as follows: “While the threats posed by WeChat and TikTok are not identical, they are similar. Each collects vast swaths of data from users, including network activity, location data, and browsing and search histories. Each is an active participant in China’s civil-military fusion and is subject to mandatory cooperation with the intelligence services of the CCP. This combination results in the use of WeChat and TikTok creating unacceptable risks to our national security.” The action was taken pursuant to Executive Orders 13942 and 13943.

Seeking Alpha reports that TikTok is seeking allies among rival social platforms to challenge the coming US ban. And, whatever Washington ultimately decides about a TikTok spinoff, the Wall Street Journal notes that any such arrangement would require Beijing’s approval, too.

Symantec Enterprise takes the opportunity offered by US indictments to publish an overview of China’s APT41, which it tracks as “Grayfly” and “Blackfly.”

Google has announced more stringent policies against stalkerware and misrepresentation for Google Play. Threatpost points out that the rules are designed to close off various developer dodges, while still allowing exceptions for parental monitoring apps.


