banking

Winsage
February 19, 2025
A new variant of the Snake Keylogger is targeting Windows users in Asia and Europe, using the AutoIt scripting language for deployment to evade detection. The malware, built on the Microsoft .NET Framework, arrives as a spam email attachment; once running it logs keystrokes, captures screenshots, and collects clipboard data to steal usernames, passwords, and credit card details from browsers such as Chrome, Edge, and Firefox. Stolen data is sent to its command-and-control infrastructure over SMTP email, Telegram bots, or HTTP POST requests.

The attachment is an AutoIt-compiled executable that unpacks and runs the keylogger when opened. The keylogger copies itself to %Local_AppData%\supergroup as ageless[.]exe and drops a file named ageless[.]vbs into the user's Startup folder so that it is launched again at every logon. Because both locations are writable by a standard user, this persistence needs no administrative privileges.

Once active, the keylogger injects its payload into a legitimate .NET process, RegSvcs.exe, by process hollowing. It captures keystrokes with a low-level keyboard hook installed through the SetWindowsHookEx API, and it learns the victim's public IP address for geolocation by requesting hxxp://checkip[.]dyndns[.]org.
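A small triage script for the indicators above, added here as an illustration; it is not part of the original report or of any vendor tooling. It takes a Startup-folder listing, a file inventory and a process list as plain Python data (the sample values are constructed, not real telemetry) so the checks run on any host, and only live_startup_entries touches the real filesystem, and only on Windows. The heuristic that a RegSvcs.exe started by an image in a user-writable directory is suspicious is an assumption of this example, not something the report states.

```python
"""Triage checks for the Snake Keylogger indicators summarised above.

Added example: the indicator names come from the summary; the heuristics and
sample data are constructed for this illustration.
"""
import ntpath
import os
import re
from dataclasses import dataclass

DROPPED_EXE = "ageless.exe"    # self-copy under %Local_AppData%\supergroup
STARTUP_VBS = "ageless.vbs"    # launcher dropped into the user's Startup folder
HOLLOW_TARGET = "regsvcs.exe"  # legitimate .NET host the payload is hollowed into

# Assumption of this example: a genuine RegSvcs.exe is started by installers or
# build tools, not by a binary living in a user-writable location.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\", "\\appdata\\roaming\\",
                         "\\temp\\", "\\downloads\\")
LAUNCHER_EXTS = (".vbs", ".js", ".wsf")
LOCALAPPDATA_REF = re.compile(r"%localappdata%|\\appdata\\local\\", re.I)


def startup_launcher_findings(startup_entries):
    """startup_entries: iterable of (filename, contents) from the Startup folder.
    Flags the known launcher name and, more generally, any script launcher that
    references %LOCALAPPDATA%, which legitimate Startup entries rarely do."""
    findings = []
    for name, contents in startup_entries:
        lower = name.lower()
        if lower == STARTUP_VBS:
            findings.append(f"{name}: known Snake Keylogger launcher in Startup folder")
        elif lower.endswith(LAUNCHER_EXTS) and LOCALAPPDATA_REF.search(contents):
            findings.append(f"{name}: Startup script launcher points into %LOCALAPPDATA%")
    return findings


def dropped_copy_findings(file_paths):
    """Flags the self-copy location described in the report."""
    return [p for p in file_paths
            if p.lower().endswith("\\supergroup\\" + DROPPED_EXE)]


@dataclass
class Proc:
    pid: int
    name: str           # image name of this process, e.g. "RegSvcs.exe"
    parent_image: str   # full path of the parent process's image


def hollowed_regsvcs_findings(procs):
    """Flags RegSvcs.exe instances whose parent is the dropped binary or any
    image in a user-writable directory: the shape that hollowing by the
    AutoIt dropper leaves in the process tree."""
    findings = []
    for p in procs:
        if p.name.lower() != HOLLOW_TARGET:
            continue
        parent = p.parent_image.lower()
        if (ntpath.basename(parent) == DROPPED_EXE
                or any(m in parent for m in USER_WRITABLE_MARKERS)):
            findings.append(f"pid {p.pid}: {p.name} spawned by {p.parent_image}")
    return findings


def triage(startup_entries, file_paths, procs):
    """Runs all three checks and returns the combined list of findings."""
    return (startup_launcher_findings(startup_entries)
            + dropped_copy_findings(file_paths)
            + hollowed_regsvcs_findings(procs))


def live_startup_entries():
    """Reads the real per-user Startup folder on Windows; returns [] elsewhere."""
    if os.name != "nt":
        return []
    folder = os.path.join(os.environ["APPDATA"],
                          r"Microsoft\Windows\Start Menu\Programs\Startup")
    entries = []
    for name in os.listdir(folder):
        contents = ""
        if name.lower().endswith(LAUNCHER_EXTS):
            with open(os.path.join(folder, name), "r", errors="ignore") as fh:
                contents = fh.read()
        entries.append((name, contents))
    return entries


# Constructed sample data mirroring the summary; not real telemetry.
SAMPLE_STARTUP = [
    ("OneDrive.lnk", ""),
    ("ageless.vbs", 'CreateObject("WScript.Shell").Run "C:\\Users\\bob\\AppData\\Local\\supergroup\\ageless.exe"'),
    ("update.vbs", 'CreateObject("WScript.Shell").Run "C:\\Users\\bob\\AppData\\Local\\x\\u.exe"'),
    ("notes.txt", "harmless"),
]
SAMPLE_FILES = [
    r"C:\Users\bob\AppData\Local\supergroup\ageless.exe",
    r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
]
SAMPLE_PROCS = [
    Proc(4120, "RegSvcs.exe", r"C:\Users\bob\AppData\Local\supergroup\ageless.exe"),
    Proc(812, "RegSvcs.exe", r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"),
    Proc(1300, "explorer.exe", r"C:\Windows\System32\userinit.exe"),
]

if __name__ == "__main__":
    for line in triage(SAMPLE_STARTUP, SAMPLE_FILES, SAMPLE_PROCS):
        print(line)
```

On a live Windows host, feed live_startup_entries() to startup_launcher_findings and build the Proc list from a process listing that includes parent image paths (for example Sysmon event 1 or a Get-CimInstance Win32_Process query joined on ParentProcessId); the exact-name checks catch this campaign, the generic checks catch the next rename.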
Winsage
February 14, 2025
Microsoft has introduced a new icon on the Windows 11 taskbar that provides access to AI-driven Windows Studio Effects, which enhance video call quality with features like background blurring, simulated direct eye contact, improved lighting, and user centering. The icon appears when compatible applications are using the webcam, allowing users to see which application is accessing it, thus enhancing privacy. However, the feature is limited to devices with specific hardware requirements, including 16GB of RAM and a CPU with a neural processing unit (NPU), potentially restricting access for many users. This initiative is part of Microsoft's strategy to promote AI features, but user feedback has been mixed, with some expressing disappointment over the lack of traditional taskbar functionalities and questioning the necessity of these enhancements for professional use.
Winsage
February 5, 2025
Microsoft will end support for Windows 10 in October 2025; after that, newly discovered security vulnerabilities will no longer be patched, increasing exposure to attack. Cybercriminals are expected to target Windows 10, which still holds over 60% of the market and is therefore an attractive target. ESET estimates that around 32 million PCs in Germany are still running Windows 10. Users can pay for the Extended Security Updates program, which extends security updates until October 2026, or subscribe to 0patch, which plans to provide micropatches until 2030. Windows 10 IoT Enterprise LTSC 2021 will receive updates until 2032, but its licensing restricts its use as an office PC. Where the hardware is compatible, users are encouraged to upgrade to Windows 11 for ongoing security updates and new features.
AppWizard
February 4, 2025
Some Android applications are covertly monitoring conversations and collecting personal data without user consent. Cybersecurity firm ESET identified six malicious apps on Google Play and another six on third-party app stores that pose as legitimate messaging platforms. These apps harvest text messages, call logs, and recorded conversations. The attackers also use romance-scam tactics, building fake romantic relationships to persuade victims to install the infected apps, which carry the VajraSpy trojan that records conversations and accesses personal files.

The dangerous apps fall into three groups:
1. Messaging apps posing as secure platforms (e.g., Hello Chat, MeetMe, Chit Chat) that steal contact information and SMS messages.
2. Apps abusing Android accessibility features (e.g., Wave Chat) that can intercept messages and record phone calls.
3. A fake news app that requests access to personal data without offering any messaging capability.

The malicious apps are: Rafaqat, Privee Talk, MeetMe, Let's Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. Six of them were downloaded over 1,400 times each before being removed from Google Play. To protect their privacy, users are advised to uninstall suspicious apps, change passwords, enable two-factor authentication, run security scans, and stay informed about cybersecurity threats.
AppWizard
February 2, 2025
In 2024, Google blocked 2.36 million potentially dangerous Android apps from the Play Store, including those that breached policies or were flagged as malicious through AI-assisted reviews. New security features included improved biometric authentication and passkeys. AI-driven threat detection technology automated 92% of human assessments, enhancing the identification of malicious apps. Google expanded its Play SDK database with 80 new reliable SDKs and prevented 1.3 million apps from accessing sensitive user information. The Play Protect system detected over 13 million new malicious apps from outside the Play Store. Google expanded its untrusted APK installation blocking system to Brazil, India, Nigeria, and South Africa. Recommendations for users included installing apps from trusted sources and regularly reviewing app permissions.
AppWizard
February 2, 2025
Over 90 malicious Android applications, with a combined total of more than 5.5 million installs, were found on Google Play; among them were apps carrying the Anatsa banking trojan. Google removed the identified apps from the Play Store after the report, which notes that Anatsa targets over 650 financial institutions. Two Anatsa-infected apps, disguised as PDF and QR code readers, had over 70,000 downloads before being reported. Anatsa operates stealthily, stealing banking information while the host app appears benign. Other malware families found on Google Play include Joker, Facestealer, and Coper. Users are advised to be cautious when downloading apps and to scrutinize the permissions they request. The two Anatsa-infected apps are no longer available, and their developers have been banned. Google Play Protect helps safeguard users by removing known malicious apps.
Winsage
December 17, 2024
The Recall feature in Windows allows users to revisit their digital history by accessing past documents, photos, and webpages through captured screenshots processed by Copilot AI. Users can opt-in during installation and manage settings related to snapshot retention and storage limits. A sensitive information filter prevents the storage of critical data, and users can exclude specific apps and websites. Recall requires identity verification and encrypts all captured information locally. The interface allows users to search through snapshots using natural language and offers options to delete, transfer, or extract content from them. Recall is currently in a preview phase, with ongoing discussions about its privacy and security measures.