battery optimization

AppWizard
March 28, 2025
Recent research from cybersecurity firm Sophos has identified the use of PJobRAT malware targeting users in Taiwan through instant messaging applications SangaalLite and CChat, which mimic legitimate platforms. These malicious apps were available for download on various WordPress sites, now taken offline. PJobRAT, an Android remote access trojan first identified in 2019, has been used to steal SMS messages, contacts, device information, documents, and media files. The recent cyber-espionage initiative lasted nearly two years, affecting a limited number of users, indicating a targeted approach by the attackers. The latest version of PJobRAT lacks the ability to steal WhatsApp messages but allows attackers greater control over infected devices. The distribution method for these apps remains unclear, but previous campaigns involved third-party app stores and phishing pages. Upon installation, the apps request extensive permissions and provide basic chat functionalities. Sophos researchers note that threat actors often refine their strategies after campaigns, suggesting ongoing risks.
AppWizard
March 28, 2025
PJobRAT is an Android Remote Access Trojan that re-emerged in 2023, targeting users in Taiwan. Initially known for targeting Indian military personnel, it now disguises itself as benign apps like ‘SangaalLite’ and ‘CChat’, distributed via defunct WordPress sites operational from January 2023 to October 2024, with domain registrations dating back to April 2022. The malware is spread through counterfeit applications resembling legitimate messaging services, prompting users to grant extensive permissions. Enhanced capabilities allow it to execute shell commands, access data from any app, root devices, and communicate with command-and-control servers via Firebase Cloud Messaging and HTTP. The campaign appears to have concluded, highlighting the evolving tactics of threat actors. Users are advised against installing apps from untrusted sources and to use mobile threat detection software.
AppWizard
March 28, 2025
PJobRAT is an Android Remote Access Trojan (RAT) that re-emerged in 2023 with improved capabilities and a refined targeting strategy, previously known for attacking Indian military personnel in 2021. It is now targeting users in Taiwan through social engineering tactics, disguising itself as legitimate dating and messaging apps. The malware is distributed via compromised WordPress sites hosting fake applications like “SangaalLite” and “CChat.” The infection footprint is small, indicating highly targeted attacks rather than widespread campaigns. PJobRAT retains its core functionality of exfiltrating sensitive information, including SMS messages, contacts, and media files, while enhancing command execution capabilities. Upon installation, the malicious apps request extensive permissions to operate continuously in the background. The malware uses a dual-channel communication infrastructure, with Firebase Cloud Messaging (FCM) as the primary command channel and a secondary HTTP-based channel for data exfiltration to a command-and-control server. The campaign appears to have concluded, but the evolution of PJobRAT highlights the ongoing threat of sophisticated mobile malware targeting high-value individuals.
AppWizard
March 28, 2025
In 2021, PJobRAT, an Android Remote Access Trojan (RAT), targeted Indian military personnel through deceptive apps. A new campaign was discovered in 2023, focusing on users in Taiwan, with malicious apps like ‘SangaalLite’ and ‘CChat’ disguised as instant messaging applications. These apps were available for download from WordPress sites, which have since been taken down. The campaign began in January 2023, with domains registered as early as April 2022, and the latest sample detected in October 2024. The number of infections was low, indicating a targeted approach rather than a broad attack. The distribution methods remain unclear, but may involve SEO poisoning, malvertising, or phishing. Once installed, the apps request extensive permissions and feature basic chat functionality. Recent versions of PJobRAT have shifted from stealing WhatsApp messages to executing shell commands, allowing greater control over compromised devices. PJobRAT communicates with its command-and-control (C2) servers using Firebase Cloud Messaging (FCM) and HTTP, enabling the upload of various data types, including SMS, contacts, and files. The now inactive C2 server was located in Germany.
Tech Optimizer
November 13, 2024
The Android Spynote malware disguises itself as a legitimate antivirus application called "Avast Mobile Security" to exploit vulnerabilities in Android systems. It requests permissions associated with antivirus apps, bypasses user restrictions, and excludes itself from battery optimization settings. Spynote simulates user gestures and displays misleading system update notifications to maintain its presence and hinder detection. Its primary target is cryptocurrency accounts, aiming to extract private keys and balance information for assets like Bitcoin, Ethereum, and Tether. The malware captures user credentials, stores them on the device's SD card, and employs obfuscation and evasion techniques to complicate detection efforts. It can detect virtual environments to evade analysis and monitors system settings to resist uninstallation attempts. Spynote is distributed through phishing sites that mimic the legitimate Avast download page, hosting malicious APKs named Avastavv.apk.
Winsage
August 15, 2024
Microsoft has released Windows 11 build number 27686 for Windows Insider program participants in the Canary Channel. This update features a preview of the Windows Sandbox Client, which includes runtime clipboard redirection, audio and video input control, and folder sharing capabilities with the host. Users can access these features via a new icon in the application. Enhancements include optimizations for battery performance, a new detach virtual hard disk button in Settings, periodic network tests for performance diagnostics, and an increased FAT32 size limit to 2TB. Several issues have been fixed, including problems with Dev Drive VHDs, battery icon synchronization on the lock screen, and display issues in the Windows Security app. Known issues include potential loss of Windows Hello PIN and biometrics for Copilot+ PCs transitioning to the Canary Channel and an issue with the emoji panel closing unexpectedly.