abuse Archives

Winsage

June 2, 2026

PHANTOMPULSE RAT Uses UAC Bypass to Hijack Windows Systems

PHANTOMPULSE is a remote access trojan (RAT) used as a final payload in multi-stage attacks targeting Windows environments. It employs advanced post-exploitation techniques, including process injection, User Account Control (UAC) bypass, and a decentralized blockchain-based command-and-control (C2) mechanism. The malware utilizes three process injection techniques: module stomping, manual DLL mapping, and debug-driven execution. It avoids detection by using direct system calls instead of standard Windows APIs and incorporates a hardware breakpoint mechanism to disable security protections like AMSI and ETW. PHANTOMPULSE retrieves its C2 server address from Ethereum-based transaction data but has a vulnerability that allows defenders to hijack communication. It achieves persistence through scheduled tasks and supports self-healing capabilities. Privilege escalation is done using the "schuac" UAC bypass technique. The malware conducts system reconnaissance focusing on cryptocurrency wallets and messaging apps but does not directly steal credentials. It shows signs of AI-assisted development and shares tactics with DPRK-aligned threat groups, particularly in targeting cryptocurrency platforms.

AppWizard

June 1, 2026

Android 18 Could Ban Battery-Draining Apps From the Play Store

Google is planning to implement stricter efficiency requirements for third-party applications with the launch of Android 18 in 2027. Developers may need to optimize their applications by removing unnecessary functions and background processes to avoid penalties, including potential removal from the Google Play Store. The focus will be on reducing battery drain, device overheating, memory consumption, background resource abuse, and improving overall system performance. If enforced, these changes could lead to longer battery life, reduced heating issues, faster performance, and improved reliability for users. However, developers may face challenges in optimizing their applications to meet these new standards.

AppWizard

May 28, 2026

Fake ‘Cockroach Janta Party’ Android app flagged as critical malware threat, report warns

A cybersecurity report released on May 22, 2026, identifies a counterfeit Android application posing as the official app of the Cockroach Janta Party as a significant malware threat. The malicious app, known as Cockroach.Janta.Party, functions as a Remote Access Trojan (RAT) and can infiltrate Android devices, steal sensitive information, intercept communications, and control infected smartphones. The genuine Cockroach Janta Party has no affiliation with this app and is a victim of brand impersonation. The app is distributed through WhatsApp, Telegram, and misleading websites, particularly a rogue domain, cockroachjantaparty[.]org. It targets Android devices running versions 8.0 to 14 and requests elevated permissions, including access to camera, SMS, call logs, and contacts, while misusing the Android Accessibility Service to read on-screen content and grant itself additional permissions. The app contains multiple malicious modules for data exfiltration and uses a Command and Control infrastructure based on the Telegram Bot API. Users are advised to uninstall the app, disable Accessibility permissions, reset banking credentials, enable two-factor authentication, and conduct a full mobile security scan. The legitimate Cockroach Janta Party is encouraged to issue a formal clarification regarding the impersonation.

AppWizard

May 25, 2026

Over 200 Fake Android Apps Are Quietly Stealing Money From Phone Bills

Zimperium identified a sophisticated malware campaign that exploited nearly 250 Android applications, posing as popular games and social media platforms. The malware ensnared users into premium subscription services without consent, using techniques like JavaScript injection and interception of one-time passwords. The campaign primarily targeted users in Malaysia, Romania, Thailand, and Croatia, with the malware capable of reading SIM cards and activating for specific mobile carriers. Zimperium first detected the scam in March 2025 and monitored it until at least January 2026. Google stated that none of the compromised applications were available on its app store and emphasized that Android users are protected by Google Play Protect. The hackers deployed three malware variants, with the first using an automated subscription engine, the second targeting users in Thailand with premium SMS messages, and the third combining SMS fraud with real-time notifications to attackers via Telegram. The campaign primarily affected Malaysian SIM card users, with significant activity also in Thailand and Romania. Despite the campaign's last known activity in January, parts of its infrastructure remain operational. The attacks highlight vulnerabilities in application security and the challenges of policing app downloads from third-party marketplaces.

AppWizard

May 20, 2026

Nationwide banking app update ahead of Fairer Share £100 decision

Beginning Thursday, Nationwide customers can conceal payment references on incoming bank transfers within the app. This feature aims to help prevent abusers from using banking systems to maintain unwanted contact and control over survivors. Domestic abuse charities have raised concerns about payment references being used for harassment, with some abusers sending messages or threats through these references. Nationwide's initiative empowers customers to control what is visible in their accounts. Approximately 4.2 million women in the UK have experienced economic abuse, which can include controlling bank accounts and monitoring financial activity. Nationwide's vulnerability support team assisted 312 customers facing abuse in 2025, an increase from 213 the previous year. The organization has also established “safe spaces” in hundreds of branches for domestic abuse support. Campaigners urge other banks to assess how banking features might be exploited by abusers, and Nationwide is considering extending similar functionalities to Virgin Money customers in the future.

Winsage

May 20, 2026

MSHTA abuse helps malware hide in Windows processes

Bitdefender's research highlights the use of Microsoft's MSHTA utility in malware attacks, noting its default activation in Windows systems. Cybercriminals exploit MSHTA to execute malicious scripts under the guise of legitimate processes, linking it to various malware families like LummaStealer and PurpleFox. The study reports a rise in MSHTA-related detections, indicating a shift towards "living-off-the-land" tactics that utilize legitimate tools to evade security alerts. Social engineering is identified as a common entry point for attacks, employing deceptive methods such as fake software downloads and phishing links. MSHTA can retrieve and execute additional payloads through multi-stage chains, complicating detection efforts. The attacks target sensitive information, including credentials and financial data, and the continued presence of MSHTA poses risks as it allows threat actors to conceal malicious actions. To mitigate these threats, organizations are advised to restrict or disable legacy scripting tools and exercise caution with untrusted downloads. The report emphasizes the challenge of detecting unusual behaviors associated with legitimate utilities in the context of cyber threats.

AppWizard

May 14, 2026

Google may be cutting free Gmail storage for new accounts down to 5GB

Google may reduce free account storage from 15GB to 5GB for users who do not link a phone number during signup. Users who connect a phone number can still access the full 15GB storage. Google has updated its support page to state "up to 15GB" of free storage instead of a guaranteed 15GB.

AppWizard

May 12, 2026

Popular PlayStation emulator clamps down on AI submissions: ‘Leave behind something useful to humanity when you’re gone, instead of peddling slop’

The RPCS3 development team has publicly addressed the influx of AI-generated pull requests (PRs) in their project, urging contributors to stop submitting what they call "AI slop code" and warning that they will ban those who do not disclose AI contributions. They expressed concern over poorly constructed PRs, particularly affecting their macOS build, and emphasized the importance of understanding the code being contributed. The team clarified that their issue is not with the use of AI code itself, but with the lack of disclosure. They have established new guidelines for AI contributions, allowing the use of AI tools for research and reverse engineering, but requiring contributors to fully understand and take ownership of their code. All communication with the team must come from human contributors, not AI.

AppWizard

May 12, 2026

Marathon reconsiders bug abuse approach after player uses Cryo Archive exploit to butcher an entire team

Bungie is reviewing its policies regarding player actions that exploit bugs in Marathon following a viral incident where a player used a flaw in the Cryo Archive map to eliminate another team. The company plans to compensate those affected by this incident and will address the bug before reintroducing the map. Bungie has historically not penalized players for going out of bounds but is considering stricter penalties for deliberate exploitation of bugs that negatively impact others. Since the launch of the Cryo Archive map, players have faced numerous issues, prompting ongoing patches and updates.

AppWizard

May 11, 2026

Jewish teen subjected to antisemitic slurs on Minecraft, inquiry told

A Perth teenager shared his experience of online bullying during a Royal Commission on Antisemitism and Social Cohesion hearing, detailing how classmates hurled antisemitic slurs at him while playing Minecraft. He felt isolated and distressed, confiding in his parents, who reported the bullying to the school. The school addressed the situation, leading to apologies from the students involved. The boy's mother expressed concerns about rising antisemitism, drawing parallels to her past experiences in the former Yugoslavia. Rabbi Menachem Dadon honored his friend Rabbi Eli Schlanger, who was killed in a shooting attack. Julie Nathan from the Executive Council of Australian Jewry reported a 316 percent increase in antisemitic incidents from 2023 to 2024, with over 1,600 incidents recorded in the past year. Musician Joshua Moshe faced online abuse after discussing Jewish history in a WhatsApp group, leading to threats and vandalism. Musician Deborah Conway experienced backlash and harassment after comments about military actions in Gaza, resulting in canceled gigs and protests. The Royal Commission continues to investigate antisemitism, having received over 9,600 submissions, primarily from Jewish individuals.