attack Archives

AppWizard

June 6, 2025

Roguelike action game Reverie in the Moonlight announced for PC

Publisher and developer room6 is set to launch their roguelike action game, Reverie in the Moonlight, on PC via Steam in 2025. Players will take on the role of Little Tete, who, with the help of plush companions, fights nocturnal monsters that invade dreams. The game features 40 different plushies, each with unique abilities, such as Ham Jr., Snoozy-G, and Striped Angel. Players can collect gold after battles to acquire new plushies and over 100 items to enhance Tete's defenses. Additionally, players can customize Tete with more than 20 costumes, each providing distinct advantages and disadvantages. Official trailers for the game are available in multiple languages.

Tech Optimizer

June 5, 2025

CISA releases TTPs & IoCs for Play Ransomware That Hacked 900+ Orgs

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI and the Australian Cyber Security Centre, released an advisory on the Play ransomware group, which has targeted around 900 entities since its inception in June 2022. The group employs a double extortion model, exploiting vulnerabilities in public-facing applications and using tools for lateral movement and credential dumping. Their operations involve recompiling ransomware binaries for each attack to evade detection. The advisory highlights mitigation measures such as multifactor authentication and regular software patching. The Play ransomware specifically targets virtual environments and encrypts files using AES-256 encryption. Indicators of Compromise (IoCs) include: - SVCHost.dll (Backdoor) - SHA-256: 47B7B2DD88959CD7224A5542AE8D5BCE928BFC986BF0D0321532A7515C244A1E - Backdoor - SHA-256: 75B525B220169F07AECFB3B1991702FBD9A1E170CAF0040D1FCB07C3E819F54A - PSexesvc.exe (Custom Play “psexesvc”) - SHA-256: 1409E010675BF4A40DB0A845B60DB3AAE5B302834E80ADEEC884AEBC55ECCBF7 - HRsword.exe (Disables endpoint protection) - SHA-256: 0E408AED1ACF902A9F97ABF71CF0DD354024109C5D52A79054C421BE35D93549 - Hi.exe (Associated with ransomware) - SHA-256: 6DE8DD5757F9A3AC5E2AC28E8A77682D7A29BE25C106F785A061DCF582A20DC6

AppWizard

June 5, 2025

Roguelike clean ’em up game Scrubbin’ Trubble announced for PC

Odd Object, a new studio led by Stevie Hryciw and Tyriq Plummer, is developing a game called Scrubbin’ Trubble, set to release on PC via Steam in 2025. It is a "roguelike clean ’em up" game that combines cleaning and combat, allowing solo or cooperative play for up to four players. Players can choose from six RPG-inspired classes, including Bubbaladin, Bleacher, and Washbuckler, each with unique abilities. The game features randomized levels called The House, where players face various enemies and must defeat one of the Four Filths of the Apocalypse to progress. Key features include character upgrades, pun-themed enemies, and specialized equipment like the "Wiper Rifle" and "Splash Bang." The game is designed for both short and long gaming sessions.

Tech Optimizer

June 3, 2025

Misspell one word and you’re infected: New malware campaign fools developers on both Windows and Linux

Cybersecurity experts have highlighted the risks of typosquatting, where developers accidentally download malicious packages due to typographical errors. A report from Checkmarx reveals that attackers exploit this trust by creating counterfeit packages that can grant unauthorized access to systems. Malicious packages have been found in the Python Package Index (PyPI) and can enable remote control, posing serious threats to system integrity. Attackers employ a cross-platform strategy, mixing names from different programming environments to target unsuspecting users. On Windows, malware can create scheduled tasks and disable antivirus protections, while on Linux, certain packages facilitate encrypted reverse shells for data exfiltration. Although the malicious packages have been removed, the threat remains, prompting developers to verify package sources and spellings. Checkmarx recommends organizations conduct audits of deployed packages and scrutinize application code to enhance security.

AppWizard

June 3, 2025

Facebook, Yandex Apps Secretly Track Users Via Hidden Ports, Research Claims

Recent findings from IMDEA Networks Institute indicate that Facebook and Instagram apps have been tracking Android users' web browsing activities without consent, bypassing privacy controls and functioning even in incognito mode. This tracking affects millions of websites using Meta's tracking code. Yandex has employed similar tracking techniques since 2017, creating a cross-platform surveillance network. The tracking exploits Android’s permission system by establishing background services that listen on network ports, allowing the apps to capture browsing data and associate it with users' accounts. Meta's pixel is present on about 5.8 million websites, while Yandex Metrica is on around 3 million sites, potentially impacting billions of users. Approximately 78% of sites with Meta’s pixel and 84% of Yandex's sites attempted localhost communications without user consent. This tracking method operates at the operating system level, unaffected by cookie clearing, incognito modes, or privacy settings. Researchers have demonstrated that malicious apps could exploit this technique to gather users' browsing histories. Many website operators were unaware of these localhost communications, leading to confusion and complaints. In response, major browser vendors are implementing measures to block these tracking methods. Meta ceased this tracking on June 3rd, coinciding with the research's public release. The research highlights a significant security gap in mobile platforms regarding localhost communications, emphasizing the need for stricter policies and vetting processes.

AppWizard

June 2, 2025

Vulnerabilities in Preinstalled Android Apps Expose PIN Codes and Allow Command Injection

Significant vulnerabilities have been identified in pre-installed applications on Ulefone and Krüger&Matz Android smartphones, disclosed on May 30, 2025. Three vulnerabilities affect these devices, including CVE-2024-13915, which targets the com.pri.factorytest application, allowing unauthorized factory resets. CVE-2024-13916 and CVE-2024-13917 affect the com.pri.applock application on Krüger&Matz smartphones, enabling malicious apps to extract user PIN codes and inject arbitrary intents. These vulnerabilities stem from improper export of Android application components, allowing malicious applications to bypass Android’s permission model. Users are advised to check for updates and consider disabling vulnerable applications.

Winsage

May 31, 2025

New Malware Compromise Microsoft Windows Without PE Header

A new strain of malware has been operating undetected on Windows systems for several weeks, utilizing advanced evasion techniques that corrupt its Portable Executable (PE) headers to avoid detection. Security researchers discovered this malware embedded in the memory of a compromised system during an investigation, using a 33GB memory dump that revealed its presence in a dllhost.exe process with process ID 8200. The malware, classified as a Remote Access Trojan (RAT) by Fortinet, employs batch scripts and PowerShell commands for its attack and has capabilities for screenshot capture, remote server functionality, and system service manipulation. Its command and control infrastructure uses encrypted communications, complicating detection efforts. The malware's distinctive feature is the deliberate corruption of DOS and PE headers, which hinders reverse engineering and complicates the reconstruction of the executable from memory dumps. Researchers had to manually locate the malware’s entry point and resolve complex import tables for it to function in a controlled environment.

Tech Optimizer

May 31, 2025

Devious new ClickFix malware variant targets macOS, Android, and iOS using browser-based redirections

ClickFix attacks have evolved from targeting Windows systems to also affecting macOS, iOS, and Android devices. The new version starts with a compromised website where cybercriminals inject JavaScript code that redirects users to a fake URL shortener. This action leads to a download page serving malware. On macOS, the attack executes a malicious shell script via a terminal command, while on Android and iOS, it can occur without user interaction, allowing malware to be downloaded simply by visiting the compromised site. The malware is packaged in a .TAR archive and has been flagged by multiple antivirus programs.

Tech Optimizer

May 31, 2025

Authorities Dismantled AVCheck, a Tool For Testing Malware Against Antivirus Detection

Law enforcement agencies from multiple nations dismantled a cybercriminal operation that provided malware testing services to evade antivirus detection. This effort led to the seizure of four domains and their servers, disrupting infrastructure that facilitated ransomware attacks globally. U.S. Attorney Nicholas J. Ganjei announced the disruption of an online software crypting syndicate that helped cybercriminals keep their malware undetected. The seized domains offered counter-antivirus tools and crypting services, allowing criminals to obfuscate malware and gain unauthorized access to systems. Investigators conducted undercover purchases and analyzed services, revealing connections to ransomware groups targeting victims in the U.S. and internationally. The operation, part of Operation Endgame, involved collaboration among the U.S., Netherlands, France, Germany, Denmark, Ukraine, and Portugal, with the FBI Houston Field Office leading the U.S. investigation. The seizures occurred on May 27.

AppWizard

May 30, 2025

Stellar Blade demo for PC now available

Sony Interactive Entertainment, in collaboration with SHIFT UP, has released a demo for the PC version of Stellar Blade on Steam. Players control EVE, a warrior from the 7th Airborne Squad, on a mission to reclaim Earth from the Naytiba. The demo features fast-paced combat, allowing players to perform attack combos and carry over save data to the full game. EVE faces powerful creatures in a post-apocalyptic world filled with mysteries. Key features include ultrawide monitor support, enhanced graphics, unlocked framerates, 4K texture pack support, and compatibility with both controller and keyboard. Stellar Blade is available on PlayStation 5 and will launch on PC on June 11.