Not that long ago, a Ukrainian security researcher published a vast number of internal chats from the Ransomware group Conti. On top of that treasure trove of information the same researcher also published the source code for the Conti Ransomware. The leak of information came after the Conti group pledged their full support of the Russian invasion of Ukraine and vowed to target anyone they felt was waging cyber-war on Russia. The message was later toned down, but the effect still lingers and was one of the moves that started an interesting threat group war.

Some needs to let Gordan Freeman know that the Xen aliens are attacking Lambda, time to grab a crowbar and go to work. Ok, so there are no invaders from a border dimension coming and the Lambda in question is really Amazon’s Lambda Serverless function in AWS while the threat is a bit of crypto mining malware that appears to have been specifically written for Lambda in Google’s Go.

It looks like there has been another round of malware identified on the Google Play sore and, you guessed it, the majority is focused on banks and other financial institutions. The combination of apps found totals around 515,000 downloads. 500,000 of these downloads are being attributed to a new trojan dubbed Octo and appears to be distributed via fake apps uploaded to the Google Play store.

For some reason, malware, attacker tools, and even the threat groups themselves tend to be viewed and talked about as static objects (outside of the security and threat analytics world). Malware is just Malware, the same with Ransomware strains. Once they get named, they are that way forever. However, that is the farthest thing from reality. Threat Groups evolve their tactics, toolsets, and they even have DevOps around their malware/ransomware.