Italian Guardia di Finanza has dismantled CINEMAGOAL, an unusual piracy operation whose customers installed an app on their devices that authenticated directly to legitimate Netflix, Disney+, Spotify, Sky, and DAZN. A network of virtual machines in Italy captured fresh authentication and decryption codes from real subscriptions (opened under false identities) every three minutes and redistributed them to subscribers, who streamed at full quality with their real IPs masked. Operation 'Tutto Chiaro' executed 100 searches across Italy, seized servers in France and Germany, and identified about 70 resellers. The first 1,000 subscribers have been fined between €154 and €5,000.
Researchers disclosed TCLBANKER, an Android banking trojan that adds worm-style self-propagation: once installed, it abuses Accessibility Services to read the victim's WhatsApp and Outlook contact lists and then send malicious download links to every contact as if from the victim. The malware targets banking and crypto-wallet apps with overlay screens that capture credentials, plus SMS-interception modules that grab one-time passcodes. Self-spreading via the victim's own messaging history defeats traditional URL-reputation controls. The campaign concentrates in Brazil, Spain, and Italy banking apps initially. Operators are renting access on Telegram for $1,500-3,000/month.
Italy extradited Chinese national Xu Zewei to the US on Friday, where he is accused of running a years-long Chinese government-linked spear-phishing campaign that targeted US Covid-19 researchers, universities, and law firms. The case is notable because it's the first time a European country has extradited a Chinese state-linked hacker to the US, and signals tighter coordination between European and US prosecutors on China-attributed cyber operations. Xu was arrested in Milan in July 2024 on a US warrant; Italy's highest court approved the extradition this month after his appeals were exhausted. He could spend decades in US federal prison.