anti-malware

Tech Optimizer
April 13, 2026
Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page and uses passive DNS records linked to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that incorrectly spells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack utilizes a DLL sideloading technique recognized by MITRE as T1574.002, where a legitimate G DATA antivirus updater is exploited with a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command and control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.
Tech Optimizer
April 4, 2026
Windows 11 provides a more secure environment than previous versions, but recovery remains a concern for users. Built-in protections are limited against threats like phishing and ransomware. The need for antivirus solutions has evolved to include comprehensive protection and recovery options. Basic threat prevention is often insufficient for home users and remote workers, who risk losing important files. Microsoft Defender offers a solid foundation, but products like Acronis True Image combine anti-malware capabilities with backup and recovery features. Antivirus software is essential for Windows 11 users, protecting against various malicious software. Modern antivirus programs offer real-time protection, web protection, and identity theft protection. Users must consider free versus paid solutions, as premium options typically provide advanced features. Top antivirus picks for Windows 11 in 2026 include Acronis True Image, Bitdefender Total Security, McAfee Total Protection, Norton 360 Deluxe, and Microsoft Defender Antivirus. Acronis True Image stands out for its dual functionality of prevention and recovery, utilizing AI-driven analysis to monitor unauthorized changes. Backup-focused alternatives like EaseUS Todo Backup Home and Macrium Reflect Home specialize in recovery but lack comprehensive antivirus protection. The choice between paid and free antivirus depends on whether Microsoft Defender meets users' needs. Paid suites generally offer deeper protection and advanced features. The best antivirus should provide robust protection while minimizing system impact, tailored to users' specific needs for prevention or recovery.
Tech Optimizer
March 27, 2026
Acronis is offering a price reduction of up to 50% on its True Image product until April 17, with three plans available: Essentials, Advanced, and Premium. Customers can receive a 30% discount for a single computer and a 50% discount for three or five PCs. Acronis True Image provides full system image backups, continuous antivirus and anti-malware protection, and supports both local and cloud storage options. The product includes built-in ransomware protection and allows for quick restoration of files in case of data loss.
Tech Optimizer
March 27, 2026
A deceptive website impersonating Avast antivirus tricks users into downloading Venom Stealer malware, which steals passwords, session cookies, and cryptocurrency wallet information. The site conducts a fake virus scan, falsely reporting threats to encourage users to download a malicious file named Avastsystemcleaner.exe. This file mimics legitimate software and operates stealthily, targeting web browsers to harvest credentials and session cookies. It also captures screenshots and sends stolen data to the command-and-control domain app-metrics-cdn[.]com via unencrypted HTTP. The malware employs evasion techniques to avoid detection and is part of a long-standing cybercrime tactic that exploits user trust in security software. Indicators of compromise include the file hash SHA-256: ecbeaa13921dbad8028d29534c3878503f45a82a09cf27857fa4335bd1c9286d, the domain app-metrics-cdn[.]com, and the network indicator 104.21.14.89.
AppWizard
March 23, 2026
Google has introduced a new mechanism called Advanced Flow within Android to facilitate the sideloading of APKs from unverified developers for power users while enhancing security. This system will launch in August and aims to balance user flexibility with protection against malware and scams, which caused losses of approximately billion last year. To install APKs from unverified developers, users must complete a one-time process that includes activating Developer Mode, confirming they are not influenced by threat actors, restarting the device, and verifying the legitimacy of modifications after a day. Once completed, users can install applications from unverified developers and choose to enable them for a week or indefinitely, with Android providing a warning about the unverified source. The Advanced Flow process is designed to prevent users from being coerced into installing malicious software during scam attempts. Google emphasizes that this system is a compromise between Android's openness and necessary user protections, leading to upcoming developer verification requirements. All Android app publishers will need to undergo identity verification by Google, with non-compliance resulting in blocked software installations on certified Android devices. This verification initiative is now set for rollout in August 2026.
Tech Optimizer
March 11, 2026
XShield is a multi-feature digital security suite operated by Xshield Technologies AG and Xshield USA Inc., governed by Swiss law. It combines six protection categories: antivirus, secure VPN, cyber privacy protection, anti-ransomware, dark web monitoring, and mobile security, supporting unlimited devices across iOS, Android, Windows, and macOS. As of March 2026, XShield offers two pricing plans: a monthly plan at .99 and an annual plan at .99, both including full access to all features and 24/7 customer support. It provides a 30-day money-back guarantee for first-time purchases. XShield lacks independent third-party lab certifications. Contact information includes a phone number (+1 800 358 9107), email (care@xshield.com), and 24/7 live chat support.
Tech Optimizer
March 11, 2026
The global cybersecurity market is projected to grow from nearly billion in 2025 to over billion by 2033, according to Grand View Research. Consumer Reports has ranked various antivirus products to assist consumers in selecting the right solutions. In the Free Anti-Malware Programs category, AVG Antivirus FREE ranked fourth, offering superior overall protection compared to Microsoft Defender, which placed sixth. AVG's free version is ad-supported and noted for its comprehensive protection against threats, including adware. Avast Free Antivirus and AVG scored similarly, but both feature intrusive advertisements. Bitdefender Antivirus Free for Windows ranked second, providing a more intuitive user experience with basic ransomware protection. Avira Free Security Suite topped the rankings, offering a full suite of security features and options for additional subscription models.