Authenticator Archives

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

AppWizard

May 11, 2026

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

Modern Android banking malware is evolving with architectural enhancements for increased stealth, resilience, and operational flexibility. In early 2026, a new variant of the TrickMo Android banking trojan was identified, actively targeting banking and wallet users in France, Italy, and Austria. This variant has replaced its predecessor in ongoing campaigns and has transitioned its command-and-control traffic to The Open Network (TON). Key features of the new TrickMo variant include: - The primary command-and-control channel now operates over TON, utilizing .adnl endpoints through an embedded local TON proxy. - It employs a runtime-loaded APK (dex.module) with enhanced functionalities, including reconnaissance, SSH tunneling, and SOCKS5 proxying, allowing infected devices to act as network pivots. - TrickMo is classified as Device Take Over (DTO) malware, targeting banking, fintech, wallet, and authenticator applications on Android devices. - Operators gain control over infected devices through accessibility-service permissions, enabling capabilities such as credential phishing, keylogging, screen recording, remote control, and SMS interception. The new variant features a modular architecture with a host APK functioning as a launcher and persistence layer, while offensive capabilities are delivered through the dynamically loaded dex.module. Significant enhancements include network reconnaissance commands (curl, dnslookup, ping, telnet, traceroute) and socket-level tunneling via an embedded SSH client. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo dropper applications and host applications. The malware retains unused permissions for NFC capabilities, suggesting a strategic approach to device filtering.

Tech Optimizer

May 5, 2026

The best mobile antivirus software of 2026: Expert tested and reviewed

Bitdefender Mobile Security is currently regarded as the best mobile antivirus software, achieving a 100% detection rate for malware on Android devices according to AV-TEST's August 2025 report. The 2026 version introduces App Anomaly Detection and includes features like Scam Alert and anti-theft tools. Sophos Intercept X for Mobile offers a free version with a perfect score in AV-TEST's comparisons and features such as multi-factor authentication and a Privacy Advisor. Surfshark Antivirus, part of the Surfshark One package, scored six out of six in AV-TEST's evaluations and includes various security tools, but is only available for Android, macOS, and Windows. Avast Mobile Security is a popular free option with robust features and achieved perfect scores in protection and usability in AV-TEST's September-October 2025 report. AVG Antivirus, operating on the same engine as Avast, also detected 100% of malware in AV-TEST's March-April 2025 evaluations and includes anti-theft tools.

AppWizard

April 25, 2026

Have a Samsung phone and PC? You need the new Galaxy Connect Windows app

The user expanded their Samsung ecosystem with a Galaxy Book 4 Edge and tested the Galaxy Connect application, which includes four features: Continue on other devices, Storage Share, Multi Control, and Second Screen. Multi Control allows users to connect their Samsung phone or tablet as a secondary display, enabling seamless control of the mobile device from the primary display. The Second Screen feature lets users utilize a Galaxy tablet as a wireless display for their Windows computer, reducing lag by connecting directly. Storage Share provides access to files on Samsung devices from the PC's File Explorer, and the Continue on other devices feature syncs the clipboard for easier two-factor authentication. Users with ARM-based PCs may face limitations, and some without Intel network adapters have reported issues with Galaxy Connect's functionality.

Tech Optimizer

April 15, 2026

Bitdefender Total Security

Bitdefender Total Security includes features such as a network security inspector, advanced ransomware defense, a hardened browser, and an active Do Not Track system. It offers a two-tier pricing model: an individual subscription for .99 per year for five licenses and a family subscription for .99 for 25 licenses, which includes parental controls. The software features an interface similar to Bitdefender Antivirus Plus, with user-configurable buttons for quick access to features. It boasts high scores from independent antivirus testing labs and excels in malware protection and antiphishing tests. Bitdefender includes a SecurePass password manager, firewall protection, spam filtering, webcam protection, and cryptomining protection. The parental control features allow parents to manage their children's online activities, but they may not be as effective as dedicated solutions. Bitdefender Total Security provides protection for macOS and Android, with high ratings for its performance on these platforms. The Android app includes malware scanning, web protection, and anti-theft features. The Bitdefender Central app allows users to manage their security settings from mobile devices.

Winsage

March 12, 2026

Microsoft Introduces Phishing-Resistant Windows Sign-Ins With Entra Passkeys

Microsoft will introduce phishing-resistant passwordless authentication through passkeys for Windows devices, integrated with Microsoft Entra. This feature is expected to enter public preview between mid-March and late April 2026 for global tenants, while government cloud environments will receive the update from mid-April to mid-May. Users can access Entra-protected resources using device-bound passkeys stored securely within Windows Hello, allowing authentication through biometric or local verification methods. This update expands passwordless authentication to unmanaged or personal Windows devices. Passkeys utilize public-key cryptography, enhancing security by storing a private key on the device and registering a matching public key with the service. Each passkey is uniquely associated with a specific device and cannot be exported or synchronized. Organizations must enable the Passkeys (FIDO2) authentication method in Entra for the preview. This initiative is part of Microsoft's broader strategy to eliminate passwords, responding to rising cybersecurity concerns related to password-based authentication.

Tech Optimizer

February 16, 2026

Researchers Uncover OysterLoader, an Advanced Obfuscated Loader Powering Rhysida Attacks

OysterLoader, a sophisticated malware loader also known as Broomstick and CleanUp, has emerged as a significant threat since mid-2024. It is a multi-stage downloader linked to ransomware attacks and data theft, particularly associated with the Rhysida ransomware group. Written in C++, it infiltrates systems through malicious websites that impersonate legitimate software download platforms, tricking victims into executing a signed Microsoft Installer (MSI) that launches the malware. OysterLoader employs a four-stage infection chain designed to evade detection. The first stage uses a packer named TextShell to load hidden code into memory, creating an illusion of legitimacy through harmless Windows API calls. The second stage decompresses a concealed payload using a modified LZMA algorithm. The third stage functions as a downloader and environment tester, establishing contact with its command-and-control (C2) server via HTTPS. In the final stage, OysterLoader installs a malicious DLL that executes every 13 minutes through the Windows Task Scheduler, communicating with multiple hardcoded servers and transmitting critical system information. The malware uses customized Base64 encoding and variable communication endpoints to evade detection. Its primary objective is to ensure persistence and facilitate the delivery of additional payloads, including ransomware and credential stealers. Security analysts predict that OysterLoader will remain a formidable threat through 2026, particularly for organizations downloading administrative tools from unverified sources. Indicators of Compromise (IOC): - Mutex: h6p#dx!&fse?%AS! - Task: COPYING3 (rundll32 DllRegisterServer) - C2 Domain: grandideapay[.]com/api/v2/facade - RC4 Key: vpjNm4FDCr82AtUfhe39EG5JLwuZszKPyTcXWVMHYnRgBkSQqxzBfb6m75HZV3UyRY8vPxDna4WC2KMAgJjQqukrFdELXeGNSws9SBFXnYJ6ExMyu97KCebD5mTwaUj42NPAvHdkGhVtczWgfrZ3sLyRZg4HuX97AnQtK8xvpLU2CWDhVq5PEfjTNz36wdFasecBrkGSDApf83d6NMyaJCsvcRBq9ZYKthjuw5S27EVzWrPHgkmUxFL4bQSgMa4F - IP: 85.239.53.66

BetaBeacon

January 21, 2026

Epic Games App Launches Globally on Android

- Players can now send direct messages and group chats that sync across different platforms when logged into Fortnite on console, Epic Games Launcher on PC, or Epic Games mobile apps on iOS and Android. - Epic has integrated its Epic Authenticator into the mobile experience, allowing users to enable two-factor authentication using their phone for added security. - The Epic Games app focuses on communication and security, while the Epic Games Store mobile app centers on content access. - The Epic Games app is available globally on both Google Play Store for Android and Apple App Store for iOS, while the Epic Games Store mobile app is available worldwide through Epic's official website on Android and limited to devices in the European Union on iOS. - Epic's mobile updates prioritize communication, security, and account consistency to provide a unified player experience across PC, console, and mobile devices.

Winsage

November 27, 2025

Microsoft Security Keys May Require a PIN After Recent Windows Updates

Microsoft has updated Windows to require users to create and configure a PIN for FIDO2 security keys during sign-in, even if they did not set one during initial registration. This requirement applies to users who install the Windows preview update released on September 29, 2025 (KB5065789, OS Builds 26200.6725 and 26100.6725) or later updates. The necessity for a PIN is triggered when a Relying Party (RP) or Identity Provider (IDP) requests User Verification set to “Preferred.” The update aims to ensure compliance with WebAuthn specifications and began rolling out gradually on Windows 11 devices after the September 29, 2025 update, with full deployment completed by the November 11, 2025 security update (KB5068861, OS Builds 26200.7171 and 26100.7171). Windows now supports three verification settings: Discouraged, Preferred, and Required, with “Preferred” indicating that user verification should occur if supported by the authenticator.

Winsage

November 26, 2025

Microsoft: Security keys may prompt for PIN after recent updates

Microsoft issued a notice to users about a new behavior related to FIDO2 security keys following Windows updates since the September 2025 preview update. This change affects devices on Windows 11 versions 24H2 or 25H2, where users may be prompted to enter a PIN during authentication. The adjustment aligns with WebAuthn specifications, which outline protocols for authentication methods, including PINs and biometrics. User verification can be categorized as discouraged, preferred, or required, with "preferred" necessitating a PIN setup if supported by the authenticator. The rollout began after the KB5065789 preview update and was completed with the November KB5068861 security update. Microsoft stated that after installing the September 29, 2025 update, users might need to create a PIN to sign in with a security key, even if it was not required during initial registration. This behavior occurs when a Relying Party or Identity Provider requests User Verification = Preferred during authentication with a FIDO2 security key lacking a PIN. Organizations can opt to adjust the user verification setting to "discouraged" if they do not want to require users to create or enter PINs. FIDO2 security keys enable passwordless authentication by requiring the physical presence of a USB, NFC, or Bluetooth token, gaining popularity as organizations seek to reduce risks associated with traditional passwords.