battery optimization

AppWizard
April 15, 2025
Google has released an update to its April Play Services and Store changelog, introducing an automatic reboot function for Android phones that have been locked for three consecutive days to enhance data encryption. The initial batch of April updates included battery life improvements and a security patch for Pixel devices. The update also features optimizations for device connectivity and a minor enhancement to the "Ask a question" feature in the Play Store. Additionally, the April update includes the 2025 security update for Pixel devices, addressing camera issues and screen dimming problems reported by users of the Pixel 6 and 7 series. The Pixel 9 Pro XL has been introduced, featuring a 6.8-inch display and a commitment to seven years of updates.
AppWizard
April 10, 2025
A report from DomainTools LLC reveals that cybercriminals are using newly registered domains to distribute the SpyNote Android remote access trojan (RAT) by creating fake websites that resemble legitimate Google Play app installation pages. These counterfeit pages often include familiar visual elements to deceive users into downloading harmful APK files, such as a site mimicking the TikTok installation page. The downloaded files typically contain variants of SpyNote, which can conduct surveillance, harvest sensitive information, and execute remote commands on compromised devices. The delivery mechanism involves a two-stage process where a dropper APK installs a secondary APK with core spyware functionalities, utilizing JavaScript to trigger downloads from fake install buttons. Common characteristics of the domains distributing SpyNote include registration with NameSilo LLC and XinNet Technology Corp., hosting on infrastructure linked to Lightnode Ltd and Vultr Holdings LLC, and the presence of SSL certificates. The malware delivery sites contain code in both English and Chinese, suggesting a Chinese-speaking threat actor may be involved. SpyNote has been associated with advanced persistent threat groups targeting individuals in South Asia, including those in the Indian defense sector. Once installed, SpyNote requests intrusive permissions to access SMS, contacts, call logs, camera, microphone, and location services, and employs persistence mechanisms that make it difficult to remove. DomainTools advises users to be vigilant against spoofed app pages and avoid sideloading APKs from unverified sources.
AppWizard
March 28, 2025
Recent research from cybersecurity firm Sophos has identified the use of PJobRAT malware targeting users in Taiwan through instant messaging applications SangaalLite and CChat, which mimic legitimate platforms. These malicious apps were available for download on various WordPress sites, now taken offline. PJobRAT, an Android remote access trojan first identified in 2019, has been used to steal SMS messages, contacts, device information, documents, and media files. The recent cyber-espionage initiative lasted nearly two years, affecting a limited number of users, indicating a targeted approach by the attackers. The latest version of PJobRAT lacks the ability to steal WhatsApp messages but allows attackers greater control over infected devices. The distribution method for these apps remains unclear, but previous campaigns involved third-party app stores and phishing pages. Upon installation, the apps request extensive permissions and provide basic chat functionalities. Sophos researchers note that threat actors often refine their strategies after campaigns, suggesting ongoing risks.
AppWizard
March 28, 2025
PJobRAT is an Android Remote Access Trojan that re-emerged in 2023, targeting users in Taiwan. Initially known for targeting Indian military personnel, it now disguises itself as benign apps like ‘SangaalLite’ and ‘CChat’, distributed via defunct WordPress sites operational from January 2023 to October 2024, with domain registrations dating back to April 2022. The malware is spread through counterfeit applications resembling legitimate messaging services, prompting users to grant extensive permissions. Enhanced capabilities allow it to execute shell commands, access data from any app, root devices, and communicate with command-and-control servers via Firebase Cloud Messaging and HTTP. The campaign appears to have concluded, highlighting the evolving tactics of threat actors. Users are advised against installing apps from untrusted sources and to use mobile threat detection software.
AppWizard
March 28, 2025
PJobRAT is an Android Remote Access Trojan (RAT) that re-emerged in 2023 with improved capabilities and a refined targeting strategy, previously known for attacking Indian military personnel in 2021. It is now targeting users in Taiwan through social engineering tactics, disguising itself as legitimate dating and messaging apps. The malware is distributed via compromised WordPress sites hosting fake applications like “SangaalLite” and “CChat.” The infection footprint is small, indicating highly targeted attacks rather than widespread campaigns. PJobRAT retains its core functionality of exfiltrating sensitive information, including SMS messages, contacts, and media files, while enhancing command execution capabilities. Upon installation, the malicious apps request extensive permissions to operate continuously in the background. The malware uses a dual-channel communication infrastructure, with Firebase Cloud Messaging (FCM) as the primary command channel and a secondary HTTP-based channel for data exfiltration to a command-and-control server. The campaign appears to have concluded, but the evolution of PJobRAT highlights the ongoing threat of sophisticated mobile malware targeting high-value individuals.
AppWizard
March 28, 2025
In 2021, PJobRAT, an Android Remote Access Trojan (RAT), targeted Indian military personnel through deceptive apps. A new campaign was discovered in 2023, focusing on users in Taiwan, with malicious apps like ‘SangaalLite’ and ‘CChat’ disguised as instant messaging applications. These apps were available for download from WordPress sites, which have since been taken down. The campaign began in January 2023, with domains registered as early as April 2022, and the latest sample detected in October 2024. The number of infections was low, indicating a targeted approach rather than a broad attack. The distribution methods remain unclear, but may involve SEO poisoning, malvertising, or phishing. Once installed, the apps request extensive permissions and feature basic chat functionality. Recent versions of PJobRAT have shifted from stealing WhatsApp messages to executing shell commands, allowing greater control over compromised devices. PJobRAT communicates with its command-and-control (C2) servers using Firebase Cloud Messaging (FCM) and HTTP, enabling the upload of various data types, including SMS, contacts, and files. The now inactive C2 server was located in Germany.
Tech Optimizer
November 13, 2024
The Android SpyNote malware disguises itself as a legitimate antivirus application called "Avast Mobile Security" to exploit vulnerabilities in Android systems. It requests permissions associated with antivirus apps, bypasses user restrictions, and excludes itself from battery optimization settings. SpyNote simulates user gestures and displays misleading system update notifications to maintain its presence and hinder detection. Its primary target is cryptocurrency accounts, aiming to extract private keys and balance information for assets like Bitcoin, Ethereum, and Tether. The malware captures user credentials, stores them on the device's SD card, and employs obfuscation and evasion techniques to complicate detection efforts. It can detect virtual environments to evade analysis and monitors system settings to resist uninstallation attempts. SpyNote is distributed through phishing sites that mimic the legitimate Avast download page, hosting malicious APKs named Avastavv.apk.
Winsage
August 15, 2024
Microsoft has released Windows 11 build number 27686 for Windows Insider program participants in the Canary Channel. This update features a preview of the Windows Sandbox Client, which includes runtime clipboard redirection, audio and video input control, and folder sharing capabilities with the host. Users can access these features via a new icon in the application. Enhancements include optimizations for battery performance, a new detach virtual hard disk button in Settings, periodic network tests for performance diagnostics, and an increased FAT32 size limit to 2TB. Several issues have been fixed, including problems with Dev Drive VHDs, battery icon synchronization on the lock screen, and display issues in the Windows Security app. Known issues include potential loss of Windows Hello PIN and biometrics for Copilot+ PCs transitioning to the Canary Channel and an issue with the emoji panel closing unexpectedly.