RSS
Last updated: May 14, 2026 at 10:49 AM UTC
All 219 Vulnerability 76 Breach 45 Threat 91 Defense 7
Tag: italy (2 articles)Clear
threat
2026-05-08

New 'TCLBanker' Android malware spreads itself by hijacking WhatsApp and Outlook to message every contact in the victim's address book

Researchers disclosed TCLBANKER, an Android banking trojan that adds worm-style self-propagation: once installed, it abuses Accessibility Services to read the victim's WhatsApp and Outlook contact lists and then send malicious download links to every contact as if from the victim. The malware targets banking and crypto-wallet apps with overlay screens that capture credentials, plus SMS-interception modules that grab one-time passcodes. Self-spreading via the victim's own messaging history defeats traditional URL-reputation controls. The campaign concentrates in Brazil, Spain, and Italy banking apps initially. Operators are renting access on Telegram for $1,500-3,000/month.

tclbankerandroid-banking-trojanwhatsapp-wormoutlook-wormself-propagationaccessibility-servicesoverlay-attacksms-interceptionbrazilspainitalytelegram-rental
Check
Brief staff who manage Android devices that any 'app download' link sent through WhatsApp or Outlook from a known contact during business hours should be verified out-of-band before clicking. Review unfamiliar Android apps requesting Accessibility Services.
Affected
Android users in Brazil, Spain, and Italy initially - but worm-style spread will broaden the geography rapidly. Acute risk: anyone whose phone has Accessibility Services enabled for any third-party app. Banking and cryptocurrency app users face credential theft via overlay attacks. Contact networks of infected users get the lures next.
Fix
On managed Android devices: enforce MDM policies that block sideloading and require approval for any app requesting Accessibility Services. Disable Accessibility Services for apps that don't genuinely need it. Brief staff on the worm-spread pattern: contacts sending links to download apps is a hostile signal regardless of who the sender is.
threat
2026-04-27

Italy extradites Chinese national accused of running spear-phishing operation against US Covid researchers - first such extradition from Europe to US

Italy extradited Chinese national Xu Zewei to the US on Friday, where he is accused of running a years-long Chinese government-linked spear-phishing campaign that targeted US Covid-19 researchers, universities, and law firms. The case is notable because it's the first time a European country has extradited a Chinese state-linked hacker to the US, and signals tighter coordination between European and US prosecutors on China-attributed cyber operations. Xu was arrested in Milan in July 2024 on a US warrant; Italy's highest court approved the extradition this month after his appeals were exhausted. He could spend decades in US federal prison.

xu-zeweichinaextraditionitalyspear-phishingcovid-researchcfaafirst-european-extradition
Check
If your research, healthcare, or legal organization worked on Covid-related materials, expect renewed targeting from China-linked groups now that one of their operators faces US prosecution.
Affected
Universities, research labs, hospitals, and law firms that worked on Covid-19 vaccine development, treatment research, public health policy, or related litigation between 2020 and 2024. Organizations named in the Xu Zewei indictment are at high risk for retaliation. More broadly: any organization holding biomedical research IP, particularly with Chinese researchers in their network.
Fix
Brief researchers and legal staff on the spear-phishing pattern: emails from people they actually know asking for documents or login help, with subtle indicators like off-pattern grammar or unusual sender domains. Add MFA to research-data and legal-discovery systems. Monitor outbound transfers of research datasets to unfamiliar destinations. Treat the extradition as a likely catalyst for retaliatory campaigns.