attack Archives

AppWizard

June 22, 2025

All Minecraft players risk having money stolen in seconds in ‘undetected’ attack

Recent findings from CheckPoint Research indicate that millions of Minecraft players are at risk of having their sensitive information compromised due to a malicious campaign targeting the game's modding community. This campaign exploits the modding ecosystem by disseminating malware through platforms like GitHub, specifically using a network of accounts known as the Stargazers Ghost Network. These accounts impersonate popular cheats and scripts, misleading users into downloading harmful Java files that can extract personal information from their systems. Since March 2025, CheckPoint Research has been monitoring these malicious repositories, which have evaded detection by antivirus engines. The potential data at risk includes private conversations, cryptocurrency wallets, and browser logins. Additionally, a significant data breach has exposed approximately 16 billion logins for various platforms, increasing the urgency for users to protect their digital identities.

AppWizard

June 21, 2025

Godfather Android trojan uses virtualization to hijack banking and crypto apps

Zimperium zLabs has identified a new version of the GodFather Android trojan, which uses on-device virtualization to hijack legitimate banking and cryptocurrency applications. This malware creates a sandbox environment on the victim's device to run actual applications while intercepting user input in real time, allowing for complete account takeovers and bypassing security measures. The current campaign primarily targets Turkish banks. The GodFather malware employs ZIP manipulation and obfuscation techniques to evade detection, concealing its payload within the assets folder and using session-based installation methods. It utilizes accessibility services to monitor user input, automatically grant permissions, and exfiltrate data to a command-and-control (C2) server via Base64-encoded URLs. The trojan leverages open-source tools like Virtualapp and Xposed to execute overlay attacks, virtualizing applications within a host container. It scans for specific banking applications, downloads Google Play components into a concealed virtual space, and creates a deceptive environment to execute genuine banking applications. When users access their legitimate banking apps, GodFather redirects them to counterfeit versions within its virtual space, capturing their interactions. The malware employs advanced hooking techniques tailored to banking applications, intercepting network connections and capturing sensitive information. It can also compromise lock screen credentials by displaying fake overlays. GodFather supports a wide range of commands, allowing attackers to simulate gestures, manipulate screen elements, and steal sensitive data while remaining hidden from users and security tools. The malware targets over 484 popular applications, including banking, cryptocurrency, e-commerce, and social media platforms, with a current focus on a dozen Turkish financial institutions. This discovery marks a significant advancement in mobile malware capabilities compared to previous threats.

AppWizard

June 20, 2025

‘Godfather’ Malware Is Now Hijacking Banking Apps on Android

The latest version of the "Godfather" malware targets Android devices, capable of hijacking legitimate banking applications and complicating detection. Initially detected in 2021, it used screen overlay attacks to trick users into entering sensitive information. The new iteration introduces a virtualization capability, creating a virtual environment on the device that allows it to intercept and manipulate user interactions with banking apps. This malware can harvest account credentials and exert remote control over the device, enabling unauthorized transactions. Currently, it affects nearly 500 applications, primarily targeting banks in Turkey, with potential for global spread. Users are advised to download apps only from trusted sources, modify permission settings, enable Google Play Protect, keep devices updated, and audit installed applications to protect against this threat.

Winsage

June 20, 2025

Microsoft Axes Old Drivers, Sparks Compatibility Debate

Microsoft is removing outdated drivers from Windows Update to enhance system reliability and reduce security vulnerabilities. This initiative may disrupt users who rely on legacy hardware, as many older devices lack updated driver support from manufacturers. IT administrators face challenges in finding alternative drivers or workarounds for critical systems, as not all hardware vendors provide timely updates. The move reflects a broader trend of prioritizing security and efficiency over backward compatibility, raising concerns about the implications for users with integrated legacy systems. Critics suggest that Microsoft should offer clearer guidance and transitional support for affected users.

AppWizard

June 20, 2025

Today’s Android app deals and freebies: Meteorfall Journeys, Towaga, Lumino City, more

A new wave of Android game and app deals has emerged, including savings on Samsung Galaxy Book laptops and Lenovo’s Legion Go PC gaming handheld. Discounts are available on the 512GB Samsung Galaxy S25 Edge and Google Pixel Watch 3. Notable Android app and game price drops include titles such as Towaga, Lumino City, Majesty: The Fantasy Kingdom, and Meteorfall: Journeys. Meteorfall is a deck-building roguelike adventure where players choose from four adventurers and enhance their decks with new cards. Combat involves drawing cards to either unleash their power or conserve stamina, adding strategic depth to encounters.

AppWizard

June 20, 2025

Minecraft players warned of mods stealing passwords & personal data

A recent investigation by Check Point Research has revealed a campaign targeting Minecraft mods that could compromise players' personal information. The campaign, orchestrated by the Stargazers Ghost Network, exploits the modding ecosystem and platforms like GitHub to reach players. Malware disguised as popular scripts or cheats, specifically targeting mods like “Oringo” and “Taunahi,” is crafted in Java and requires the Minecraft runtime to execute. Once installed, these malicious files initiate a multi-stage attack, compromising systems and extracting sensitive data. Check Point Research has been monitoring fraudulent GitHub repositories since March 2025, noting their legitimacy and ability to evade antivirus detection. Potential data breaches include browser logins, cryptocurrency wallets, and private messages on platforms like Discord.

AppWizard

June 20, 2025

GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps

Zimperium zLabs has identified a new version of the GodFather Android banking malware that uses on-device virtualization to infiltrate legitimate banking and cryptocurrency applications. This malware creates an isolated virtual environment on the victim's device, allowing attackers to observe and manipulate user interactions in real time. It employs a malicious host application with a virtualization framework that downloads and executes a copy of the targeted app, capturing credentials and sensitive information. GodFather targets nearly 500 applications globally, particularly focusing on Turkish financial institutions. It utilizes evasive tactics, including ZIP manipulation and obfuscation, to evade detection and installs its payload through a session-based dropper technique. The malware retains traditional overlay attacks and has extensive remote control capabilities, posing a significant threat to mobile security and user trust.

Tech Optimizer

June 19, 2025

Do You Need Antivirus for Chromebook?

Chromebooks are designed with robust security features, including sandboxing, verified boot, and automatic updates, which contribute to their reputation as secure devices. Despite these protections, vulnerabilities can still exist, particularly through phishing scams, risky extensions, and the use of Linux or Android apps. Security experts suggest that users who frequently engage in online shopping, download Android applications, connect to public Wi-Fi, or store sensitive information in the cloud should consider antivirus software for added protection. Recommended antivirus options for Chromebooks include TotalAV Essential Antivirus, Norton Mobile Security, and Avira Antivirus Security, each offering various features and benefits tailored for Chromebook users.

AppWizard

June 19, 2025

Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers

Check Point researchers have discovered a malware campaign targeting Minecraft users, utilizing a distribution-as-a-service model called Stargazers. This malware, disguised as cheat tools, employs Java and .NET stealers to compromise player systems. The attackers have been active since March 2025, using GitHub repositories that appear to offer legitimate mods but contain malicious JAR files. The infection process begins with the installation of a compromised JAR file, which triggers a multi-stage attack that extracts sensitive data from Minecraft and Discord, as well as broader information like browser credentials and cryptocurrency wallet details. The malware is linked to Russian-speaking threat actors, and the Stargazers Ghost Network is identified as the distributor. The report highlights the need for caution when downloading third-party content in gaming communities.

AppWizard

June 19, 2025

Minecraft cheat tools may actually contain malware

Trojanized cheat tools for Minecraft hosted on GitHub have been found to install malware that extracts sensitive information from players. Check Point Research identified around 500 GitHub repositories involved, potentially compromising about 1,500 devices. This operation, active since March, is linked to Russian-speaking malware developers from the Stargazers Ghost Network. The malware, disguised as cheat tools like Oringo and Taunahi, initiates a multi-stage attack requiring Minecraft to be pre-installed. It first installs a malicious JAR mod that evades detection, then proceeds to steal Minecraft tokens, Microsoft account information, and data from platforms like Discord and Telegram. The final component captures credentials from web browsers, cryptocurrency wallets, VPN applications, and gaming platforms, sending the stolen data to a Discord webhook.