abuse Archives

AppWizard

April 21, 2026

Trojanized Android App Fuels New Wave of NFC Fraud

A new variant of the NGate malware family has emerged, using a trojanized Android application to capture payment card data and personal identification numbers (PINs). This modified version of HandyPay, a legitimate NFC relay app, has been distributed since November 2025, primarily targeting users in Brazil. The malware intercepts NFC payment card data and allows fraudulent transactions. Two distinct malware samples have been observed, delivered through phishing infrastructure that impersonates a Brazilian lottery site and a Google Play listing for a card protection tool. The trojanized app captures NFC data, requests the victim's card PIN, and transmits this information to attacker-controlled infrastructure. It requires minimal permissions, leveraging its role as the default payment application to evade detection. Evidence suggests that generative AI tools may have been used in its development, indicated by emoji markers in debug logs. ESET has reported its findings to Google, and Google Play Protect can detect known versions of the malware. The developer of HandyPay is investigating the misuse of its application.

AppWizard

April 18, 2026

BAFTA pulls game trailer over ‘themes that may be a trigger’ even after developer revision

Alyx Jones, founder of Silver Script Games, had the trailer for her upcoming game, The Quiet Things, pulled from the BAFTA awards due to its sensitive content. BAFTA stated the decision was made to protect guests from potentially triggering themes without sufficient warning. The trailer, which explores themes of abuse and trauma, is now available on YouTube and is described as less shocking than some other recent games. Jones emphasized the personal significance of her work, highlighting its focus on trauma, survival, and giving a voice to survivors.

AppWizard

April 18, 2026

The BAFTA Games Awards pulls indie game’s trailer at the last minute, citing “the wellbeing of all guests”

Alyx Jones, founder of Silver Script Games, expressed disappointment after BAFTA withdrew the trailer for her indie adventure game, The Quiet Things, from its showcase due to sensitive content. The game is an autobiographical narrative about a fractured childhood in the South of England, addressing themes of abuse, self-harm, suicide, and sexual assault. Despite revising the trailer to mitigate concerns, Jones was informed there wasn't enough time to add appropriate warnings. BAFTA stated the decision was made to prioritize the wellbeing of guests, as the trailer contained potentially triggering themes. The Quiet Things is scheduled for release on June 4, and a free demo is available on Steam. Jones is seeking community support to increase the game's visibility following the withdrawal of the trailer.

Winsage

April 15, 2026

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new security measures for Windows 10 and Windows 11 to protect against phishing attacks that exploit Remote Desktop Protocol (RDP) connection files. These updates, part of the April 2026 cumulative updates (KB5082200, KB5083769, and KB5082052), include a one-time educational prompt for users upon first opening an RDP file, requiring acknowledgment of the associated risks. Subsequent attempts to open RDP files will display a security dialog with information about the file's publisher, the remote system address, and local resource redirections, with options disabled by default. If an RDP file is unsigned, a warning will indicate an "Unknown remote connection." These protections apply only to connections initiated through RDP files, not through the Windows Remote Desktop client, and can be temporarily disabled via the Windows Registry.

Winsage

March 27, 2026

Microsoft tells crusty old kernel drivers to get with the Windows Hardware Compatibility Program

Microsoft is enhancing the security of the Windows kernel by eliminating trust for kernel drivers not certified through the Windows Hardware Compatibility Program (WHCP) starting with the April 2026 Windows Update. This change specifically targets kernel drivers signed by the now-obsolete cross-signed root program, which has been associated with security vulnerabilities. The new policy will initially be introduced in an "evaluation mode" to monitor and audit driver loads for potential compatibility issues. Custom kernel drivers can still be used under the Application Control for Business policy, but must be signed by an authority within the device's Secure Boot Platform Key or Key Exchange Key variables. The changes will impact Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025.

AppWizard

March 25, 2026

‘Is my mom okay?’: Boy watching ‘Minecraft’ movie hears his mother getting shot in head

A 5-year-old boy witnessed his pregnant mother, Monique Aldridge, being fatally shot in the head by her ex-boyfriend, Vaughn Boatner, in Hayward, California, on May 11, 2023. Boatner entered the home by sliding under a partially open garage door. He fled to Seattle after the shooting but was later apprehended. Aldridge's boyfriend was also severely injured in the attack. Boatner was sentenced to 35 years in prison after pleading no contest to voluntary manslaughter and attempted murder. The boy, unharmed, was found safe by responding officers, and it was revealed that he was the child of both Aldridge and Boatner. Aldridge and her boyfriend had recently argued over a minor disagreement. Boatner confronted Aldridge about their son's safety before the shooting. Aldridge's boyfriend locked the boy in a closet for protection during the chaos. Boatner's sentencing occurred on March 19, and Aldridge's family is committed to supporting her son.

AppWizard

March 16, 2026

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is piloting a security enhancement in its Android Advanced Protection Mode (AAPM) that restricts certain applications from using the accessibility services API. This update is part of Android 17 Beta 2. AAPM, introduced in Android 16, enhances device security by blocking app installations from unknown sources, restricting USB data signaling, and mandating Google Play Protect scanning. Developers can integrate with AAPM through the AdvancedProtectionManager API to adapt their apps based on the security mode's status. The new restriction prevents non-accessibility apps from accessing the accessibility services API, allowing only verified accessibility tools like screen readers and voice-based input tools. Non-accessibility apps, including antivirus software and password managers, will have their access revoked when AAPM is activated, and users cannot grant permissions to these apps unless AAPM is disabled. Additionally, Android 17 introduces a new contacts picker feature that allows developers to specify which fields to access from a user's contact list, providing more granular control over data access.

Winsage

March 11, 2026

Windows Hello gets passkey support for Entra accounts

Microsoft is enhancing the sign-in process for Microsoft Entra on Windows devices by introducing support for passkeys that integrate with Windows Hello, reducing reliance on traditional passwords. This feature aims to improve resistance against phishing attacks and will begin its optional public preview between mid-March and the end of April 2026 for organizations globally. Government cloud environments will have a separate preview from mid-April to mid-May. Administrators must activate this functionality for users. Employees will be able to access Entra-secured services using Windows Hello through biometric recognition or a PIN code, with cryptographic keys securely stored on the device. This method protects against phishing and account abuse since the keys remain on the device and are not vulnerable to interception. Passkeys will also work on Windows systems not linked to Entra, allowing access to company resources without passwords on personal or shared devices. Each Entra account generates a unique passkey per device, and synchronization between devices is not supported. Administrators need to enable the FIDO2 passkey method within Entra’s authentication policy to activate this feature. Microsoft aims to gradually eliminate passwords, providing stronger defenses against phishing and account compromise.

AppWizard

March 11, 2026

New Telegram app lets whistleblowers report fraud without sharing personal data

AlphaTON Capital Corp. and the Midnight Foundation launched the Vera Report, an anonymous reporting application for whistleblowers, on March 3, 2026. The platform uses advanced technologies such as confidential computing, zero-knowledge proofs, blockchain anchoring, and decentralized storage via IPFS. It targets a market of 1 billion monthly active users and addresses significant U.S. fraud losses estimated between 0 billion and trillion, with the DOJ recovering .8 billion in fiscal year 2025, of which .3 billion came from whistleblower cases. On the announcement day, ATON shares declined by 2.07%, with a market cap impact of approximately K. The Vera Report aims to improve privacy and accountability in government and corporate sectors by facilitating anonymous reporting while protecting whistleblower identities.

Winsage

March 6, 2026

Chinese hackers hide malware in Windows and Google Drive to hit targets

Chinese state-sponsored threat actors, specifically a group known as Silver Dragon, have been conducting espionage operations across Southeast Asia and Europe since at least mid-2024. They have targeted government entities in countries such as Russia, Poland, Hungary, Italy, Japan, Myanmar, and Malaysia. Silver Dragon is believed to be affiliated with APT41 and primarily uses phishing emails to initiate attacks, often containing weaponized documents or links. They employ a custom backdoor called GearDoor, which utilizes Google Drive for command-and-control operations, allowing them to exfiltrate stolen intelligence. The group also hijacks legitimate Windows services to load malicious code and uses tools like SSHcmd and Cobalt Strike for post-exploitation activities. Their tactics involve blending malicious activities with normal system operations, making detection difficult and increasing their dwell time within targeted networks.