analysis Archives

Winsage

April 14, 2026

This fake Windows 11 24H2 update looks perfect, until it avoids antivirus and steals your passwords

Cybercriminals are using sophisticated tactics to deceive users, particularly with a counterfeit website posing as a legitimate Windows 11 update. This site operates under the domain microsoft-update[.]support and is designed to trick individuals into downloading malware that compromises sensitive information. The site is written in French and mimics a genuine cumulative update for Windows 11, version 24H2, featuring a convincing KB article number and a blue download button. The malware is packaged as a Windows update using the WiX Toolset 4.0.0.5512 and is labeled "WindowsUpdate 1.0.0.msi," with properties that suggest it is from Microsoft. At the time of analysis, VirusTotal showed no detections for the malware, which conceals its harmful code within an Electron shell, making it difficult to identify. Users are advised to download updates directly through the Windows Settings app or from Microsoft's official support hub.

Winsage

April 14, 2026

Microsoft is rolling out a ‘turbo mode’ for Windows 11 installation as part of the big drive to fix the OS

Microsoft has enhanced the Windows 11 installation process by allowing users to bypass the update phase during setup, potentially reducing installation time by 20 to 30 minutes. This feature is currently being rolled out and enables users to pause updates indefinitely, a change from the previous maximum delay of five weeks. Users who skip updates during installation may miss crucial security fixes and features, leaving their systems vulnerable. A suggested approach is to use the skip feature during installation and then initiate updates once on the Windows 11 desktop. Some users have speculated that this decision may be influenced by the growing popularity of alternatives like Linux and Apple's MacBook Neo.

Tech Optimizer

April 14, 2026

Norton (durch Symantec Übernahme teilweise verknüpft, aber Marke liegt bei Gen Digital. Broadcom i

Norton, owned by Gen Digital, provides antivirus software, VPN services, and identity theft monitoring to protect users from cyber threats such as malware and phishing attacks. The company emphasizes subscription-based revenue through Norton 360, which bundles various security features, ensuring predictable cash flow. Norton competes with other antivirus brands like McAfee and Bitdefender, maintaining a strong market share in North America due to its established brand trust. The demand for cybersecurity tools is driven by rising cyber threats, including ransomware attacks and increased remote work, which necessitate robust online protection. Gen Digital is investing in AI-driven threat detection and expanding its offerings to address evolving security needs. However, Norton faces challenges from free alternatives, potential privacy concerns, and macroeconomic pressures that could affect consumer spending on security products.

AppWizard

April 14, 2026

After his city builder flopped in early access, Firewatch’s Nels Anderson didn’t give up: ‘Smarter people than me … probably would’ve pulled the plug’

Nels Anderson, the game designer behind Generation Exile, faced a challenging situation after its early access launch on Steam, where despite having over 35,000 wishlists and being one of the top 70 most played demos during Next Fest, the game sold only a few hundred copies. In response to disappointing early access feedback, Anderson and his team at Sonderlust Studios spent six months refining the game, completing its final two story chapters, introducing a new biome, fixing bugs, and overhauling the user interface. Currently, Generation Exile has 31 user reviews on Steam with an overall positive average. Anderson critiques the gaming industry's focus on immediate results, expressing concern over the implications of prioritizing retention over genuine player satisfaction. Generation Exile is set for full release on April 17.

Tech Optimizer

April 13, 2026

Fake Windows 11 support site offers ‘update’ that steals data and evades antiviruses

Malwarebytes has discovered a counterfeit Windows support site offering a fake "cumulative update" for Windows 11 24H2. Users who click the "Download Update" button download an 83MB package designed to compromise sensitive information, including passwords and payment details. The file, named WindowsUpdate 1.0.0.msi, falsely lists Microsoft as the author and is created using WiX Toolset 4.0.0.5512. VirusTotal reported zero detections for the main executable and VBS launcher, highlighting the malware's architecture designed to evade detection. The malicious website's address includes "microsoft-update.support," differing from the legitimate support site. Malwarebytes has added the malicious site to its detection service database.

Tech Optimizer

April 13, 2026

Fake Claude site installs malware that gives attackers access to your computer

Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page and uses passive DNS records linked to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that incorrectly spells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack utilizes a DLL sideloading technique recognized by MITRE as T1574.002, where a legitimate G DATA antivirus updater is exploited with a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command and control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.

BetaBeacon

April 11, 2026

В PRAGMATA They showed a union between a human and an android on the Moon

Capcom unveiled a new trailer for their sci-fi action film PRAGMATA, showcasing the relationships between the main characters Hugh and the android Diana. The game features a unique blend of action and hacking mechanics, with a focus on character interactions. The release date is set for April 17, 2026, on various gaming platforms.

Tech Optimizer

April 10, 2026

Popular Monitor Utilities, CPU-Z And HWMonitor, Have Been Infected With Malware

Recent reports indicate that the hardware monitoring tools HWMonitor and CPU-Z have been compromised, leading to users downloading malware instead of the legitimate software. Users reported receiving suspicious executable files and antivirus alerts when attempting to download the latest versions. A specific incident involved a user who downloaded HWMonitor from the official CPUID website, only to find the file was labeled incorrectly and flagged as a virus by Windows Defender. Cybersecurity experts confirmed that this is a serious issue involving a multi-stage trojanized attack from a compromised domain. The developer of CPU-Z and HWMonitor acknowledged that a secondary feature linked to the website was compromised for about six hours, causing the main website to display incorrect files. Users are advised to refrain from downloading or updating these utilities until the issue is resolved.

Winsage

April 9, 2026

This fake Windows support website delivers password-stealing malware

A phishing campaign has been identified that uses a counterfeit Microsoft support website, microsoft-update[.]support, to trick users into downloading a malicious Windows update disguised as WindowsUpdate 1.0.0.msi. This file, created on April 4, 2026, appears legitimate but contains malware designed to steal sensitive information. The campaign targets French-speaking users, leveraging recent data breaches in France to create convincing scams. The malware, once executed, installs an Electron application that runs a Python interpreter, which then deploys various data theft tools. It employs two persistence mechanisms: modifying the Windows registry and creating a shortcut in the Startup folder. The malware connects to external sites for reconnaissance and data exfiltration, using domains like datawebsync-lvmv.onrender[.]com and store8.gofile[.]io. The malware's components have evaded detection by antivirus tools, with VirusTotal reporting zero detections for the main executable and its launcher. Users are advised to check their registry, remove suspicious files, change passwords, and run a full system scan if they suspect installation of the malicious update. Safe updating practices include using the built-in Windows update feature and being cautious of phishing attempts. Indicators of compromise include specific file hashes, domains associated with the phishing campaign, and file system artifacts related to the malware's installation.

AppWizard

April 9, 2026

This new app may free Galaxy Watch owners from Samsung’s phone-locked features

A new application called the GeminiMan Wellness Companion has been developed for Galaxy Watch users by Dante63, who previously created a patched version of the Samsung Health Monitor. The app allows users to record electrocardiogram (ECG) data from the Galaxy Watch, providing detailed reports and AI-driven analysis through a mobile app. It can track heart rhythm and rate, flagging abnormal rhythms, which the Samsung Health Monitor does not. Users can personalize their measurements with notes and create multiple profiles for different users. The app ensures data security through encryption and offers export options for ECG reports in CSV or PDF formats. Future updates will include blood pressure recording and additional health metrics like blood oxygen levels and sleep patterns. The development roadmap is available on the GeminiMan Wellness Companion GitHub page.